Law in Books and Law in Action: The Readability of Privacy Policies and the GDPR
CONSUMER LAW & ECONOMICS, Klaus Mathis & Avishalom Tor, eds., Springer (2020, Forthcoming)
27 Pages. Posted: 6 Mar 2019. Last revised: 15 Feb 2020
Date Written: February 13, 2019
Digital markets and the online environment allow individuals to enjoy free means of communication and relatively cheap services and goods in exchange for their data and privacy. As a result, firms hold unimaginable information on consumers. Privacy experts have been well aware of this reality for some years, and numerous discussions and debates have ensued.
More recently, online privacy issues have also become a hot topic in public talks, mass media, popular books and social media. This is due, in part, to manifold privacy-related scandals that have occurred in recent years. Given growing concerns, public awareness and large-scale privacy scandals, online privacy is now also at the forefront of policy-making.
Notably, the most systematic legislative attempt to bring more order to the chaotic world of privacy is the EU General Data Protection Regulation (GDPR). The primary objective of the GDPR is to level the playing field and give individuals more control over their personal data. Among other things, the GDPR aspires to force companies to be more transparent about data collection and usage.
Along these lines, the GDPR requires firms to clearly communicate privacy terms to end users by using "clear and plain language" in their privacy agreements. This, in turn, provides quite a unique opportunity to examine the readability of legal texts that are subject to a recently enacted plain language rule. In this study we ask whether, half a year post-GDPR, firms offer users online privacy agreements that are written in a readable manner.
The study is organised as follows: Part I presents a quick overview of the GDPR, putting it in context and focusing on the concept of plain language. Part II then succinctly discusses empirical measures and tools designed to systematically examine text readability. Part III reviews prior empirical findings that shed some light on the language of privacy policies. Part IV, which constitutes the main contribution of our study, empirically examines the readability of privacy policies of 300 highly popular websites. The results indicate that in spite of the GDPR’s requirement, users often encounter privacy policies that are largely unreadable. Part V discusses some policy recommendations. Concluding remarks follow.
Keywords: online privacy, privacy policies, consumer protection, GDPR, readability, plain language