It takes at least 30 minutes to read the privacy policies of some of the world’s most popular tech platforms and some of them require a university education “to be properly understood,” according to research by the BBC.
Commenting on the research, Damian Collins MP, whose constituency website we discovered doesn’t contain a privacy policy, told the BBC tech platforms are “exploiting” users’ data.
He also went onto say people have to be “fully informed” about their rights and why “their data is being taken away”.
It’s one of many examples recently of public institutions or representatives arguing for standards they themselves haven’t implemented.
Recently, we discovered:
- The EU’s website, Europa.eu, is serving third-party content from platforms like YouTube and Twitter and spreadsheets containing hundreds of names and email addresses;
- The EU doesn’t need to comply with the GDPR but a new regulation that comes into effect later this year. Under the new regulation, EU institutions can be fined up to 500,000 EUR for data violations but “only as a last resort”. Under the GDPR, private organizations can be fined up to 20 million EUR or 4 percent of revenue, whichever is higher;
- British lawmakers are relying on the GDPR’s “public interest” basis to collect their users’ data. The basis is further clarified by The Data Protection Act 2018, which states “public interest” can be defined as “promoting democratic engagement”. The UK’s Data Protection Authority has previously expressed “concern” about the provision, describing it as “very wide”.
Users visiting Damian Collins’ website are prompted by a modal window that asks them to give away their email address. Moreover, the website contains a script for the popular tracking platform Google Analytics.
The script collects users’ browser and behavioral data and allows webmasters the opportunity to anonymize users’ IP addresses before they are sent back to Google’s servers, a feature the MP hasn’t taken advantage of.
In 2016, the Court of Justice ruled that IP addresses qualify as personal data in certain circumstances.
From its research the BBC also found it takes upwards of nine hours to read the privacy policies of 15 of the world’s most popular tech platforms.
It claims that the policies it analyzed are “tougher to read than Dickens”.
Some of the privacy policies analyzed include those published by Amazon, Apple, Facebook, WhatsApp, Wikipedia, Reddit and Google, all of which the BBC claims require a university education to be properly understood.
Of all of the policies analyzed Spotify’s was the longest and contains 13,000 words. Meanwhile, Wikipedia, Apple and Tinder are 2nd, 3rd and 4th, with each of the privacy policies of the aforementioned containing more than 10,000 words.
In response, many of the tech platforms pointed to their “easy-to-read” summaries and Google claims that featuring some legalese in its privacy policies is “unavoidable”. Meanwhile, Netflix claims it is “legally bound to include certain wording and information”.