Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in Account Settings or using this page.
Soure: https://www.plex.tv/vendors/ (Might have to clear cache)
Can also read about the changes here: https://www.plex.tv/about/privacy-legal/
"Hashed emails". Besides the fact that they can match up a hash from one source to a hash from another source to link them to the same person (they never said they'd salt them), emails often have enough predictability to break the hash. Assuming they all end in "@gmail.com", "@outlook.com", or "@yahoo.com" will get you the vast majority of emails out there. Unlike a good password scheme, people don't shove a lot of random data into their email addresses.
Was about to say this.
I saw a small-time project using hashed phone numbers and emails a while ago, where assume stupidity instead of malice was a viable explanation.
In this case however, Plex is large enough and has to care about securiry enough that they either
did this on purpose to make it sound better, as a marketing move,
did not show this to their security experts,
or chose to ignore concerns by those experts and likely others (turning it into the first option basically)
There is no option where someone did not either knowingly do or provoke this.