Top

Published in:

2021 | OriginalPaper | Chapter

Law in Books and Law in Action: The Readability of Privacy Policies and the GDPR

Authors : Shmuel I. Becher, Uri Benoliel

Published in: Consumer Law and Economics

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The most systematic legislative attempt to make more order in the chaotic world of privacy is the EU General Data Protection Regulation (GDPR). The primary objective of the GDPR is to level the playing field and give individuals more control over their personal data. Among other things, the GDPR aspires to force companies to be more transparent around data collection and usage. Along these lines, the GDPR requires firms to clearly communicate privacy terms to end users by using “clear and plain language” in their privacy agreements. In this study we ask whether, half a year post-GDPR, firms offer users online privacy agreements that are written in a readable manner. To that end, we empirically examine the readability of privacy policies of 300 highly popular websites. The results indicate that in spite of the GDPR’s requirement, users often encounter privacy policies that are largely unreadable. After presenting the empirical results we further discuss the legal and policy implications of our findings.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Correcting Information Asymmetry Via Deep Consumer Information; Compelling Companies to Let the Sunshine In

next chapter ‘Your DNA Is One Click Away’: The GDPR and Direct-to-Consumer Genetic Testing

Cf. Balkin (2018).

Tene (2008).

Hoofnagle et al. (2018), p. 2.

Schwartz and Peifer (2017).

Hoofnagle et al. (2018), pp. 2–3, and 6.

Abril et al. (2018), p. 30.

Markram (2018).

Rustad and Koenig (2018), p. 68.

Hoofnagle et al. (2018), p. 3.

Rustad and Koenig (2018).

https://eugdpr.org/.

https://eugdpr.org/the-regulation/.

Rustad and Koenig (2018).

Hoofnagle et al. (2018), pp. 2, 4, 6, 32–33.

Rustad and Koenig (2018).

Bignami and Resta (2015), Schwartz (2013) and Hoofnagle et al. (2018), p. 6.

Houser and Voss (2018).

https://www.economist.com/the-economist-explains/2016/11/22/what-is-the-splinternet.

Hoofnagle et al. (2018), p. 5.

Rustad and Koenig (2018), p. 88.

Felsenfeld (1982–1983), p. 408; Serafin (1998), p. 694; Kimble (1992), p. 3.

Schiess (2003–2004), p. 53.; Friman (1994–1995), p. 108.

https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/franchise-rule.

16 C.F.R. § 436.6(b).

16 C.F.R. § 436.1(o).

17 C.F.R. § 230.421.

29 U.S.C. § 1022(a).

12 C.F.R. § 205.4; 15 U.S.C. § 2302(a).

45 C.F.R. 164.520(b)(1).

15 U.S.C. § 1632(a); 12 C.F.R. § 213.3(a) (Consumer Leasing Act); 12 C.F.R. § 1024.32(a)(1) (Real Estate Settlement Procedures Act of 1974); 12 C.F.R. § 1030.3(a) (Truth in Savings Act).

Timm and Oswald (1985), p. 33.; Ross (1981), p. 331.

Lloyd (1986), p. 687.

See, for instance, Mont. Code Ann. § 30-14-1103 (West 2015).

See, for instance, Con. Gen. Stat. Ann. § 42-152(c)(1), (2) & (5) (West 2015).

Asprey (2005), p. 62.

https://www.bmo.com/pdf/9243738PlainLangMortDocs_en.pdf.

https://www.cba.ca/voluntary-commitments-and-codes-of-conduct?l=en-us.

http://www.nzba.org.nz/wp-content/uploads/2018/05/Code-Of-Banking-Practice-A4-PDF-FINAL.pdf.

Asprey (2005), p. 9.

National Consumer Credit Protection Act 2009, s 184(1).

Legal Profession Uniform Law Application Act 2014 (NSW), s 181(2)(a).

Article 5.

Fair Trading Act 1986, s 2 (1), the definition of “transparent”.

Fair Trading Act 1986, s 46L… .

Zarsky (2019).

Hoofnagle et al. (2018), p. 5.

Schwartz and Peifer (2017), p. 144.

Data Protection Working Party (2018), p. 14.

https://gdpr-info.eu/issues/consent/.

Hoofnagle et al. (2018), p. 17.

GDPR, Article 6, 1(b).

GDPR, Article 5, 1(b).

https://www.wired.com/story/how-a-new-era-of-privacy-took-over-your-email-inbox/.

The FRE and F-K tests were executed, as in many other empirical readability studies, using Microsoft Word software. See https://support.office.com/en-us/article/test-your-document-s-readability-85b4969e-e80a-4777-8dd3-f7fc3c8b3fd2.

Calderón and Smith (2007), p. 21.

Alexander (2000), p. 938.

Rogers et al. (2007), p. 185; Long and Christensen (2011), p. 147.

See for instance, Lloyd (1986), p. 689 (‘Plain English’ is defined as a text with a score of 60 or better).

See for instance, Narwani et al. (2016), p. 603.

McClure (1987), p. 12.

https://www.valuewalk.com/2018/07/privacy-policy-updates-gdpr/.

https://www.wired.com/story/how-a-new-era-of-privacy-took-over-your-email-inbox/.

https://www.wired.com/story/how-gdpr-affects-you/.

https://www.valuewalk.com/2018/07/privacy-policy-updates-gdpr/.

Marotta-Wurgler and Davis (2019).

https://www.visiblethread.com/2017/09/the-gdpr-and-plain-language-how-to-be-compliant/.

Milne et al. (2006), p. 243.

Milne et al. (2006), p. 245.

https://www.bbc.com/news/business-44599968.

Graber et al. (2002), p. 644.

Graber et al. (2002), p. 645.

https://www.commonsense.org/education/blog/its-not-you-privacy-policies-are-difficult-to-read.

https://www.wired.com/story/how-gdpr-affects-you/.

Milne et al. (2006).

Becher and Unger-Aviram (2010).

McDonald and Cranor (2008–2009).

https://www.ted.com/talks/finn_myrstad_how_tech_companies_deceive_you_into_giving_up_your_data_and_privacy/up-next?language=en.

Austin et al. (2018).

Contissa et al. (2018).

See https://support.alexa.com/hc/en-us/articles/00449744.

Reidenberg et al. (2015), p. 54; Marine-Roig (2014), p. 386.

https://blog.alexa.com/top-6-myths-about-the-alexa-traffic-rank/.

https://aws.amazon.com/alexa-top-sites/.

https://docs.microsoft.com/en-us/office/vba/api/word.readabilitystatistics.

https://support.microsoft.com/en-us/help/292069/readability-statistics-incorrect-or-missing-in-word.

Payne et al. (2000), p. 1792; Health and Safety Executive, Evaluation of Product Documentation Provided by Suppliers of Hand Held Power Tools, p. 14 available at http://www.hse.gov.uk/research/rrpdf/rr714.pdf.

Benoliel and Becher (2019).

Masson and Waldron (1994); Kelley et al. (2010); Seizov et al. (2019), p 161.

Wydick (2005), Garner (2013) and Kimble (2002).

McIntyre (1996) and Nirmaldasan (2012).

Benoliel and Becher (2019).

Marotta-Wurgler and Taylor (2013).

ECJ, Árpád Kásler, Hajnalka Káslerné Rábai v OTP Jelzálogbank Zrt, Judgement [2014] Case C-26/13, 30 April 2014 [(Kásler)], para.75.

100

Austin et al. (2018) and Contissa et al. (2018).

101

Becher et al. (2019).

102

Becher et al. (2019).

103

For a recent more general analysis see Reidenberg et al. (2019).

104

Masson and Waldron (1994) and Kelley et al. (2010).

105

Hoffman (2018).

Abril P, Blázquez F, Evora J (2018) The right of withdrawal in consumer contracts: a comparative analysis of American and European law. Indret 3:1–56

Alexander R (2000) Readability of published dental educational material. J Am Dent Assoc 131(7):937–942CrossRef

Asprey M (2005) Plain language for lawyers, 3rd edn. Federation Press, Sydney

Austin LM, Lie D, Sun P et al (2018) Towards dynamic transparency: the AppTrans (transparency for android applications) project. SSRN Electr J:1–51

Balkin J (2018) Fixing Social Media’s Grand Bargain. Hoover Working Group on National Security, Technology, and Law, Aegis Series Paper No. 1814:1–20

Becher S, Unger-Aviram E (2010) The law of standard form contracts: misguided intuitions and suggestions for reconstruction. DePaul Bus Commer Law J 8:199–223

Becher S, Gao H, Harrison A et al (2019) Hungry for change: the law and policy of food health labeling. Wake Forest Law Rev 54:1305–1360

Benoliel U, Becher S (2019) The duty to read the unreadable. Boston College Law Rev 60:2255–2296

Bignami F, Resta G (2015) Transatlantic privacy regulation: conflict and cooperation. Law Contemp Probl 78:231–266

Calderón J, Smith S (2007) FONBAYS: a simple method for enhancing readability of patient information. Ann Behav Sci Med Educ 13(1):20–24.

Contissa G, Docter K, Lagioia F et al (2018) Claudette meets GDPR: automating the evaluation of privacy policies using artificial intelligence. SSRN Electr J:1–64

Data Protection Working Party (2018) Guidelines on consent under Regulation2016/679. WP259 rev.01:1–33

Felsenfeld C (1982–1983) The plain English movement in the United States. Can Bus Law J 6:408–421

Friman M (1994–1995) Plain English statutes: long overdue or underdone? Loyal Univ Consum Law Rev 7:103–112

Garner B (2013) Legal Writing in Plain Language English 27

Graber M, D’Alessandro D, Johnson-West J (2002) Reading level of privacy policies on Internet health Web sites. J Family Pract 52:642–645

Hoffman D (2018) Relational contract of adhesion. Chicago Law Rev 85:1395–1461

Hoofnagle C, van der Sloot B, Borgesius F (2018) The European general data protection regulation: what it is and what it means? UC Berkeley Public Law Research Paper, pp 1–40

Houser K, Voss G (2018) GDPR: the end of Google and Facebook or a new paradigm in data privacy? Richmond J Law Technol 25:1–109

Kelley P, Cesca L, Bresee J et al (2010) Standardizing privacy notices: an online study of the nutrition label approach. In: CyLab SIGCHI Conference on Human Factors in Computing Systems, New York, pp 1573–1582

Kimble J (1992) Plain English: A Charter for Clear Writing, Thomas M. Cooley Law Rev 9:11–14

Kimble J (2002) The elements of plain language. Mich Bar J Oct. 2002-44

Lloyd H (1986) Plain language statutes: plain good sense or plain nonsense? Law Library J 78(683):696

Long L, Christensen W (2011) Does the readability of your brief affect your chance of winning an appeal? J Appellate Pract Process 12(1):145–162

Marine-Roig E (2014) A webometric analysis of travel blogs and review hosting: the case of Catalonia. J Travel Tour Market 31:381–396CrossRef

Marotta-Wurgler F, Davis K (2019) Contracting for data. N Y Univ Law Rev 94:662–705

Marotta-Wurgler F, Taylor R (2013) Set in Stone? Change and innovation in standard-form contracts. N Y Univ Law Rev 88(1):240–245

Masson M, Waldron M (1994) Comprehension of legal contracts by non experts: effectiveness of plain language redrafting. Appl Cogn Psychol 8:67–85

McClure G (1987) Readability formulas: useful or useless? IEEE Trans Prof Commun 30(1):12–15CrossRef

McDonald A, Cranor L (2009) The cost of reading privacy policies. J Law Policy Inf Soc 4:543–568

Mcintyre B (1996) English News Writing 19

Milne G, Culnan M, Greene H (2006) A longitudinal assessment of online privacy notice readability. J Public Policy Mark 25(2):238–249CrossRef

Narwani V, Nalamada K, Lee M et al (2016) Readability and quality assessment of internet-based patient education materials related to laryngeal cancer. Head Neck 38(4):601–605CrossRef

Payne S, Large S, Jarrett N et al (2000) Written information given to patients and families by palliative care units: a national survey. Lancet 355:1792–1792CrossRef

Pound R (1910) Law in books and law in action. Am Law Rev 44(1):12–36

Reidenberg J, Breaux T, Carnor L et al (2015) Disagreeable privacy policies: mismatches between meaning and users’ understanding. Berkeley Technol Law J 30(1):39–68

Reidenberg JR et al (2019) Trustworthy privacy indicators: grades, labels, certifications and dashboards. Wash Law Rev 96:1409–1460

Rogers R, Harrison KS, Shuman DW et al (2007) An analysis of miranda warnings and waivers: comprehension and coverage. Law Human Behav 31(2):177–192CrossRef

Ross S (1981) On legalities and linguistics: plain language legislation. Buffalo Law Rev 30:317–362

Rustad M, Koenig T (2018) Towards a global data privacy standard. Florida Law Rev 71:365–453

Schiess W (2003–2004) What plain language really is. Scribes J Legal Writ 9:43–75

Schwartz P (2013) The EU-US Privacy collision: a turn to institutions and procedures. Harv Law Rev 126:1966–2009

Schwartz P, Peifer K (2017) Transatlantic data privacy. Georgetown Law J 106:115–179

Seizov O, Wulf A, Luzak J (2019) The transparent trap: a multidisciplinary perspective on the design of transparent online disclosures in the EU. J Consum Policy 42:149–173CrossRef

Serafin A (1998) Kicking the legalese habit: the SEC’s plain English disclosure proposal. Loyola Univ Chicago Law J 29:681–717

Tene O (2008) What Google knows: privacy and internet search engines. Utah Law Rev 4:1433–1492

Timm P, Oswald D (1985) Plain English laws: symbolic or real? J Bus Commun 22:31–38CrossRef

Wydick R (2005) Plain English for Lawyers 36

Zarsky T (2019) Privacy and manipulation in the digital age. Theor Inq Law 20:157–188CrossRef

Amazon. AWS | Alexa Top Sites - Up-to-date lists of the top sites on the web. Available at https://aws.amazon.com/alexa-top-sites/. Accessed 12 February 2019

Calver T, Miller J (2018) Social site terms tougher than Dickens. BBC News. Available at https://www.bbc.com/news/business-44599968. Accessed 28 November 2018

Canadian Bankers Association (2000) Plain Language Mortgage Documents. Available at https://www.bmo.com/pdf/9243738PlainLangMortDocs_en.pdf. Accessed 30 November

Canadian Bankers Association (2015) Voluntary commitments and codes of conduct. Available at https://www.cba.ca/voluntary-commitments-and-codes-of-conduct?l=en-us. Accessed 30 November 2018

EUGDPR. The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Key Changes with the General Data Protection Regulation. Available at https://eugdpr.org/. Accessed 26 November 2018

Fergal (2018) The GDPR & Plain Language – What You Need To Do To Comply. VisibleThread. Available at https://www.visiblethread.com/2017/09/the-gdpr-and-plain-language-how-to-be-compliant/. Accessed 26 November 2018

Federal Trade Commission (2017) Franchise Rule. Available at https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/franchise-rule. Accessed 26 November 2018.

GDPR Key Changes. Key Changes with the General Data Protection Regulation – EUGDPR. Available at https://eugdpr.org/the-regulation/. Accessed 26 November 2018

General Data Protection Regulation (GDPR). Consent. Available at https://gdpr-info.eu/issues/consent/. Accessed 26 November 2018

Lee I (2018) It’s Not You; Privacy Policies Are Difficult to Read. Common Sense Education. Available at https://www.commonsense.org/education/blog/its-not-you-privacy-policies-are-difficult-to-read. Accessed 26 November 2018

Markram R (2018) What is the data protection bill? Available https://www.markellaw.co.uk/insights/what-is-the-data-protection-bill/. Accessed 17 June 2020

Myrstad FL-H (2018) How tech companies deceive you into giving up your data and privacy. ted. Available at https://www.ted.com/talks/finn_myrstad_how_tech_companies_deceive_you_into_giving_up_your_data_and_privacy/up-next?language=en. Accessed 26 November 2018

Microsoft. Readability Statistics object (Word). Available at https://docs.microsoft.com/en-us/office/vba/api/word.readabilitystatistics. Accessed 12 February 2019

Microsoft. Readability statistics incorrect or missing in Word. Available at https://support.microsoft.com/en-us/help/292069/readability-statistics-incorrect-or-missing-in-word. Accessed 12 February 2019

Microsoft. Test your document’s readability. Available at https://support.office.com/en-us/article/test-your-document-s-readability-85b4969e-e80a-4777-8dd3-f7fc3c8b3fd2. Accessed 12 February 2019

New Zealand Bankers Association (2018) What you can expect from your bank The Code of Banking Practice. Available at http://www.nzba.org.nz/wp-content/uploads/2018/05/Code-Of-Banking-Practice-A4-PDF-FINAL.pdf. Accessed 30 November 2018

Nirmaldasan (2012) Longer the Sentence, Greater the Strain, Readability Monitor. Available at https://strainindex.wordpr ess.com/2012/04/30/longer-the-sentence-greater-the-strain/. Accessed 26 April 2019

Orelind G (2017) Top 6 Myths about the Alexa Traffic Rank. In: Alexa Blog. https://blog.alexa.com/top-6-myths-about-the-alexa-traffic-rank/. Accessed 12 February 2019

Raza S (2018) GDPR Has Changed Privacy Policies Updates at Google, Reddit, Facebook. ValueWalk. Available at https://www.valuewalk.com/2018/07/privacy-policy-updates-gdpr/. Accessed 24 November 2018

S L (2016) What is the “splinternet”? The Economist. Available at https://www.economist.com/the-economist-explains/2016/11/22/what-is-the-splinternet. Accessed 24 November 2018

Tiku N (2018) Why Your Inbox Is Crammed Full of Privacy Policies. Wired. Available at https://www.wired.com/story/how-a-new-era-of-privacy-took-over-your-email-inbox/. Accessed 26 November 2018

Yeomans L (2009) Evaluation of product documentation provided by suppliers of hand held power tools. Health and Safety Executive. Available at http://www.hse.gov.uk/research/rrpdf/rr714.pdf. Accessed 12 February 2019

Title: Law in Books and Law in Action: The Readability of Privacy Policies and the GDPR
Authors: Shmuel I. Becher
Uri Benoliel
Publisher: Springer International Publishing
Book: Consumer Law and Economics
Print ISBN: 978-3-030-49027-0

Electronic ISBN: 978-3-030-49028-7

Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-49028-7_9

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"