Privacy policies of tech giants 'still not GDPR-compliant'

Privacy policies from companies including Facebook, Google and Amazon don’t fully meet the requirements of th European Union's General Data Protection Regulation (GDPR), according to the pan-European consumer group BEUC. An analysis of policies from 14 of the largest internet companies shows they use unclear language, claim “potentially problematic” rights, and provide insufficient information for users to judge what they are agreeing to. “A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law,” said Monique Goyens, BEUC’s director general. “This is very concerning. It is key that enforcement authorities take a close look at this.” 

The identified problems include:

• Not providing all the information which is required under the GDPR’s transparency obligations. For example companies do not always inform users properly regarding the third parties with whom they share or get data from.
• Processing of personal data not happening according to GDPR requirements. For instance, a clause stating that the user agrees to the company’s privacy policy by simply using its website.
• Policies are formulated using vague and unclear language, which makes it very hard for consumers to understand the actual content of the policy and how their data is used in practice.