Pan-European consumer group BEUC has stated that privacy policies from some of the world’s largest tech companies still don’t meet the requirements of GDPR.
In an analysis of 14 of the largest internet companies, including Facebook, Google, and Amazon, the group states that policies still use unclear language, claim “potentially problematic” rights, and provide insufficient information for users.
Working on a sentence-by-sentence basis, the group flagged lines that they found to be vague or overreaching.
In the case of Google, the company tells users that, “we collect information about your activity in our services, which we use to do things like recommend a YouTube video you might like”, which was flagged as “unclear” as it does not specify what the information is used for.
Speaking to The Guardian, Google said that:
“We’ve also added new graphics and video explanations, structured the Policy so that users can explore it more easily, and embedded controls to allow users to access relevant privacy settings directly.”
BEUC intends to train an AI model with the European University Institute in Florence that will automatically scan privacy policies to detect clauses that fail to meet GDPR requirements.
Monique Goyens, BEUC’s director general said: “A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law.”
She continued, saying that, “this is very concerning. It is key that enforcement authorities take a close look at this.”