Ghostery GDPR Email Breaches GDPR Laws

June 2, 2018

 

Ghostery, a privacy- and security-related browser extension and mobile browser application, violated the newly announced European Union GDPR data privacy law with the email it sent to its users to inform them of changes in data privacy under the new law.

All of the email addresses included in the mailing were listed in the CC field, making them easily available to the public. Representatives for Ghostery stated: “Unluckily, because of a technical problem between us and the electronic mail sending tool we picked, the GDPR electronic mail, which was designed to be a single electronic mail to each receiver, was in its place transmitted to a group of users, unintentionally disclosing the electronic mail addresses for each group to all receivers of a group by adding everyone directly in the ‘To’ field.”

They added: “We honestly make an apology for this occurrence. We are embarrassed and horrified that this occurred, and are doing our best to make certain it never happens again.”

The company sent out the notifications in batches of 500 users, boasting of its privacy standards on the day that GDPR took effect. The email arrived in inboxes with the subject line “Happy GDPR Day — we’ve got you protected!” and stated: “We at Ghostery hold ourselves to a high standard when it comes to users’ secrecy, and have applied measures to strengthen safety and make sure compliance with all facets of this new law.”

“Why didn’t Ghostery send a test electronic mail first to a dozen real users, to determine that all is correct, before transmitting to a bigger trial party and, only after that, send its large-scale GDPR electronic mail blast?” said Kolochenko. “I expect Ghostery will make the necessary decisions and embark on the needed measures to revise and increase their internal procedures, including data break announcement process.”

Ghostery reported the incident as required under GDPR. The email is no longer being sent.

The company concluded by stating: “Additionally, although this was a mistake with update electronic mails that all account holders will continue to get (e.g., when we’re lawfully required), we are providing clear directives on how to opt out of future Ghostery product and marketing electronic mails or erase an account for those who desire to do so, as well as permanently deleting any user data upon request. If you wish to not get these updates you may erase your account.”