GDPR

Adatvédelem mindenkinek / Data protection for everyone

Crazy facts about data protection

2019. június 03. 08:00 - poklaszlo

Why do we need smart privacy regulations?

The EU celebrates the first anniversary of GDPR-application. GDPR changed the data protection landscape in the EU and it has strong effects outside of the European Union too. Below, you can find some crazy facts about data protection that should be considered in the future when we think further how the data protection regulation and the practice based on the rules should look like.   

Length and complexity of privacy notices

The House of Commons Science and Technology Committee's report refers to the fact that it is almost impossible to read all privacy notices on the internet that come together with the services that we want to use since "if you read all the terms and conditions on the internet you would spend a month every year on it" (point 44, referring to the testimony of Carl Miller, Research Director, Centre for the Analysis of Social Media, Demos).

According to this blog post, "the average privacy policy is 3964 words in length, up 58% from the 2514 words found by McDonald and Cranor (2008) in their work." The reading time of the privacy policies of the top 20 mobile applications is almost 7 hours (approx. 6 hours 40 minutes). 

One of the main goals of GDPR was to make data processing activities more transparent. How do you think privacy policies have changed due to the new regulation? Privacy policies became longer and more complex. A comparison of privacy policies of some of the top websites (like Google, Facebook, Wikipedia, Reddit, eBay, Amazon etc.) before and after the GDPR shows that both the average word count and the reading time has increased significantly. It seems that the goal of GDPR to make data processing more transparent has not been achieved.  

The above leads to a situation where users automatically click on the "Accept" button without considering to collect more information regarding the use of their personal data. Real transparency remains a dream. 

Huge number of third party players

The Norwegian Data Protection Authority (Datatilsynet), in its overview regarding the commercial use of personal data ("The great data race"), presented its study regarding the presence of third-party players on six main Norwegian online newspapers and "how many cookies are placed on a web browser when visitng these sites. The results are astonishing: ... there is a massive presence of third party players. The number of cookies is also enourmous. Between 100 and 200 cookies were placed on our browser when we visited the papers’ front pages. Our IP address was sent on to 356 servers." (see on page 23)

The Bavarian Data Protection Authority also found that in the majority of the cases no proper information is available on the websites regarding the use of cookies ("...30 of the 40 audited companies did not sufficiently inform data subjects on their websites....").  

These numbers show that there are many players behind the scenes, which may also suggest that there is a lack of transparency. 

Data was the new oil but now, trust is the newest oil

Companies started to compete for our data and a bit later, consumers' attention became very valuable in the "high noise" and now, after a series of data scandals, trust became one of the most important elements of data economy.

Several surveys have concluded that there is a lack of trust regarding the use of consumers' data. According to an Eurobarometer's survey (2015): 

  • Only 15% of people feel they have complete control over the information they provide online. 
  • 67% of respondents are concerned about not having complete control over the information they provide online.
  • 69% of people say they their explicit approval should be required in all cases before their data is collected and processed.

The numbers show that people want to have more control over their data, they even want to be in a poistion to give explicit approval for the use of their data. On the other side, in practice, people are often light-minded when they make decisions on the use of their data. Can people really take back the control over their data? 

Do we have data protection rules that are smart enough to deal with the above issues?

GDPR was an important step ahead in regulating the processing of personal data but in a continously changing environment, it is only a milestone and not the end of the road (actually, there is no end in this process). Data protection legislation and practice shall be developed and shaped in accordance with the technological developments and the needs of the society where the rules shall be applied. There is a long and winding road in front of us but we have no other choice than go forward and search for the balance between the use of personal data and privacy. GDPR may not remain untouched as long as the Data Protection Directive 95/46/EC but after one year of application, we can say "Happy Birthday, GDPR".     

Szólj hozzá!
Címkék: trust cookies transparency EU UK EN privacy policy GDPR Datatilsynet data economy

Ajánlott bejegyzések:

A bejegyzés trackback címe:

https://gdpr.blog.hu/api/trackback/id/tr7813883506

Kommentek:

A hozzászólások a vonatkozó jogszabályok  értelmében felhasználói tartalomnak minősülnek, értük a szolgáltatás technikai  üzemeltetője semmilyen felelősséget nem vállal, azokat nem ellenőrzi. Kifogás esetén forduljon a blog szerkesztőjéhez. Részletek a  Felhasználási feltételekben és az adatvédelmi tájékoztatóban.

Nincsenek hozzászólások.
süti beállítások módosítása