World’s Largest Tech Companies May Be Violating EU’s New Data Privacy Law


Some of the world’s largest technology companies might be breaking the European Union’s new data privacy law, according to an analysis of their policies conducted by artificial intelligence software.

Researchers from the European Union Institute in Florence worked with an EU consumer organization to create the software. They then used the program to examine the privacy policies of 14 major technology businesses, including by Alphabet Inc., Inc., and Facebook Inc. They found that a third of those clauses were “potentially problematic” or contained “insufficient information.” Another 11 percent of the policy’s sentences used unclear language, the academics said.
The researchers didn’t make public which companies’ policies violated which provisions of the law, publishing only aggregate findings for all of the companies in the study.

Clear and comprehensive explanations of what data a company collects, how it uses the data, and who it shares the information with, are key requirements of Europe’s new General Data Protection Regulation ( GDPR), a sweeping privacy law that took effect on May 25. In many cases, companies must get explicit consent from customers to hold and process their data. Companies that violate the new rule can face fines as high as four percent of global sales.

Among the problems found by the AI software — which is called “Claudette” — were policies that did not identify third parties a company might share personal data with, policies that stated users would be deemed to have agreed to a plan simply by using the company’s website and others that used vague and confusing language.

Monique Goyens, director general of BEUC, the Brussels-based European consumer organization, said the research was “very concerning” and urged EU regulators to look at the possible violations the researchers spotted. “Many privacy policies may not meet the standard of the law,” she said in a statement.

The software uses natural language processing, a subfield of machine learning aimed at understanding language, to compare the wording of companies’ policy documents to model policy clauses that have been developed by an EU body that represents all of the bloc’s national data protection authorities.

“AI can be used to keep companies in check and ensure people’s rights are respected,” Goyens said, adding that such software would make it easier for EU data privacy regulators to monitor the vast number of businesses they are now responsible for policing and to start legal action against those who break the law.
A spokesperson from Alphabet’s Google said the firm has updated its privacy policy and uses clear and plain language. An Amazon spokesperson said its policies are compliant with GDPR, and that users of its Alexa service are in control of their data. Facebook did not respond in time for publication.

The researchers said they chose companies including social media giants and gaming platforms because they are dominant in the dominant technology platforms in Europe. They “should be setting a good example for the market to follow,” the academics said in a statement.
The study was conducted in June, one month after the GDPR entered into force. Researchers say that many companies want consumers to agree to update their privacy policies in order to prepare for GDP. “Users, update politics and new approval requests are facing tsunami”, the researchers said. “It’s hard to judge whether your rights are respected or not.”

Legal warning !
The information, comments and suggestions there are not covered by investment advice. It is based on the author's personal opinions. These views may not fit your financial situation and risk and return preferences. For this reason, based solely on this information, investment decisions may not have the appropriate consequences for your expectation. Our Site is not responsible for any direct or indirect damages incurred by the investors as a result of the use of the information on the Site, deficiencies in the sources, damages incurred by profit, moral damages, or damage to third parties.