The EU celebrates the first anniversary of GDPR-application. GDPR changed the data protection landscape in the EU and it has strong effects outside of the European Union too. Below, you can find some crazy facts about data protection that should be considered in the future when we think further how the data protection regulation and the practice based on the rules should look like.
Length and complexity of privacy notices
The House of Commons Science and Technology Committee's report refers to the fact that it is almost impossible to read all privacy notices on the internet that come together with the services that we want to use since "if you read all the terms and conditions on the internet you would spend a month every year on it" (point 44, referring to the testimony of Carl Miller, Research Director, Centre for the Analysis of Social Media, Demos).
One of the main goals of GDPR was to make data processing activities more transparent. How do you think privacy policies have changed due to the new regulation? Privacy policies became longer and more complex. A comparison of privacy policies of some of the top websites (like Google, Facebook, Wikipedia, Reddit, eBay, Amazon etc.) before and after the GDPR shows that both the average word count and the reading time has increased significantly. It seems that the goal of GDPR to make data processing more transparent has not been achieved.
The above leads to a situation where users automatically click on the "Accept" button without considering to collect more information regarding the use of their personal data. Real transparency remains a dream.