The BEUC, a European umbrella organization of consumer groups, has commissioned automated research into the privacy policies of fourteen tech companies, including Google, Apple and Facebook. The conclusion is that these fall short in the light of the GDPR privacy law.
According to BEUC, which conducted the study in collaboration with the European University Institute, it looked at the privacy policies of Google, Facebook, Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, Airbnb, Booking.com, Skyscanner, Netflix, Steam and Fortnite creator Epic Games. The companies are selected based on the popularity of their services. The investigation took place in June with an AI bot called Claudette, who uses machine learning to benchmark companies’ privacy policies against a ‘gold standard’ and identify problematic passages. BEUC concludes that eleven percent of all sentences in the texts contain unclear language and that about one third provide insufficient information or are otherwise ‘potentially problematic’.
The organization writes that the General Data Protection Regulation, which has been in effect since the end of May, requires that privacy policies contain all necessary information and are written in understandable language. In addition, the processing of personal data mentioned in the policy must actually be lawful. BEUC President Monique Goyens says: “Just over a month after the GDPR comes into effect, many companies’ privacy policies may not meet the standard of the law. This is very worrying. It is crucial that enforcement authorities study this matter further.”
BEUC wants to inform the European Data Protection Board about the findings. Recently, a Norwegian consumer organization published a critical report on the privacy menus of Google, Facebook and Microsoft, stating that the companies use ‘dark patterns’ to entice people into less privacy-friendly settings.