Why all the privacy notifications in your email?

If you're like most internet users, you've probably received a dozen or more emails this week notifying you of looming privacy policy updates at your favorite websites - and perhaps even at a few sites you'd completely forgotten about.

What is the big deal, and why is everyone from Airbnb to Yelp suddenly updating their terms of service?

Websites around the world are having to update their policies because of a new set of privacy protections being put in place by the European Union.

The EU's General Data Protection Regulation, or GDPR, went into effect on Friday.

The regulations were written to benefit European citizens by giving them more control over the data that's collected by online services.

But in practice, the new rules will have widespread ramifications as even U.S.-based companies who handle the data of EU citizens try to make sure they're in compliance. The changes you're seeing in corporate privacy policies is one example.

The new policies, which will be enforced by the Information Commissioner's Office, require companies to be explicit in their efforts to seek consent from consumers before collecting their personal information.

Companies also have to give consumers easy access to their own data, and to delete that data if the customer requests it.

Many companies subject to GDPR are expected to appoint a data protection officer.

And importantly, companies have to notify users quickly of data breaches when they occur - under the new rules, they have 72 hours to inform the public after a breach is discovered.

Failure to comply with GDPR comes with the risk of heavy fines - up to four percent of a company's annual global revenue, or about $23 million, whichever is higher. In the case of Facebook, which pulled in $40.7 billion in revenue last year, a violation could mean an eye-popping $1.6 billion penalty.

Facebook already was hit with lawsuits alleging violations of GDPR on the policy's very first day. In response, the company has said it's been working to comply with GDPR for the past 18 months.

A number of U.S.-based news sites - the Los Angeles Times, Chicago Tribune, Baltimore Sun and a raft of others - basically have gone offline as far as European readers are concerned.

While it may seem like a mystery, the common denominator underneath these different publications is that they are all owned by the same parent company, Tronc.

The media company put out a statement Friday that reads exactly the same as what viewers see on the blocked sites: 'We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”

Unlike other news outlets such as NPR, which have updated their privacy policies in light of the new regulations, Tronc appears to have sidestepped having to comply with GDPR by simply making its sites unavailable to EU residents altogether.