Privacy Policies, Cross-border Health Data and the GDPR
Information & Communications Technology Law Journal (2019)
28 Pages Posted: 9 Feb 2020 Last revised: 18 Mar 2020
Date Written: September 5, 2019
Research going back to 2008 has shown that a vast majority of the people never read privacy policies (AM McDonald and LF Cranor, The Cost of Reading Privacy Policies (2008) 4A JLPI 543). Since then, not a lot has changed (F Schaub and others, Designing Effective Privacy Notices and Controls (2017) 99 IEEE 70). Most people formally consent to privacy policies without knowing what happens to their personal data. This odd situation is called the privacy paradox: while people highly value their fundamental right to privacy, they do not act accordingly, especially when it concerns new technologies (M Taddicken, The Privacy Paradox in the Social Web (2013) 19 JCMC 248). Since more and more people use apps on their mobile phones and wearables to measure their health, it is important to do research in this area. Nowadays, privacy is a popular news item; this might be why more and more companies use privacy both in their business models and as a marketing tool. This raises the question whether people really give informed consent to privacy policies, as they seem to rely on marketing statements rather than reading the actual privacy policies themselves.
Keywords: Data protection, health data, GDPR, modern technologies, privacy, cross-border
Suggested Citation: Suggested Citation