Abstract
The most systematic legislative attempt to make more order in the chaotic world of privacy is the EU General Data Protection Regulation (GDPR). The primary objective of the GDPR is to level the playing field and give individuals more control over their personal data. Among other things, the GDPR aspires to force companies to be more transparent around data collection and usage. Along these lines, the GDPR requires firms to clearly communicate privacy terms to end users by using “clear and plain language” in their privacy agreements. In this study we ask whether, half a year post-GDPR, firms offer users online privacy agreements that are written in a readable manner. To that end, we empirically examine the readability of privacy policies of 300 highly popular websites. The results indicate that in spite of the GDPR’s requirement, users often encounter privacy policies that are largely unreadable. After presenting the empirical results we further discuss the legal and policy implications of our findings.
Alluding to Pound (1910).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Cf. Balkin (2018).
- 2.
Tene (2008).
- 3.
Hoofnagle et al. (2018), p. 2.
- 4.
Schwartz and Peifer (2017).
- 5.
Hoofnagle et al. (2018), pp. 2–3, and 6.
- 6.
Abril et al. (2018), p. 30.
- 7.
Markram (2018).
- 8.
Rustad and Koenig (2018), p. 68.
- 9.
Hoofnagle et al. (2018), p. 3.
- 10.
Rustad and Koenig (2018).
- 11.
- 12.
- 13.
Rustad and Koenig (2018).
- 14.
Hoofnagle et al. (2018), pp. 2, 4, 6, 32–33.
- 15.
Rustad and Koenig (2018).
- 16.
- 17.
Houser and Voss (2018).
- 18.
- 19.
Hoofnagle et al. (2018), p. 5.
- 20.
Rustad and Koenig (2018), p. 88.
- 21.
- 22.
- 23.
- 24.
16 C.F.R. § 436.6(b).
- 25.
16 C.F.R. § 436.1(o).
- 26.
17 C.F.R. § 230.421.
- 27.
29 U.S.C. § 1022(a).
- 28.
12 C.F.R. § 205.4; 15 U.S.C. § 2302(a).
- 29.
45 C.F.R. 164.520(b)(1).
- 30.
15 U.S.C. § 1632(a); 12 C.F.R. § 213.3(a) (Consumer Leasing Act); 12 C.F.R. § 1024.32(a)(1) (Real Estate Settlement Procedures Act of 1974); 12 C.F.R. § 1030.3(a) (Truth in Savings Act).
- 31.
- 32.
Lloyd (1986), p. 687.
- 33.
See, for instance, Mont. Code Ann. § 30-14-1103 (West 2015).
- 34.
See, for instance, Con. Gen. Stat. Ann. § 42-152(c)(1), (2) & (5) (West 2015).
- 35.
Asprey (2005), p. 62.
- 36.
- 37.
- 38.
- 39.
- 40.
Asprey (2005), p. 9.
- 41.
National Consumer Credit Protection Act 2009, s 184(1).
- 42.
Legal Profession Uniform Law Application Act 2014 (NSW), s 181(2)(a).
- 43.
Article 5.
- 44.
Fair Trading Act 1986, s 2 (1), the definition of “transparent”.
- 45.
Fair Trading Act 1986, s 46L… .
- 46.
Zarsky (2019).
- 47.
Zarsky (2019).
- 48.
Hoofnagle et al. (2018), p. 5.
- 49.
Schwartz and Peifer (2017), p. 144.
- 50.
Data Protection Working Party (2018), p. 14.
- 51.
- 52.
Hoofnagle et al. (2018), p. 17.
- 53.
GDPR, Article 6, 1(b).
- 54.
GDPR, Article 5, 1(b).
- 55.
- 56.
- 57.
The FRE and F-K tests were executed, as in many other empirical readability studies, using Microsoft Word software. See https://support.office.com/en-us/article/test-your-document-s-readability-85b4969e-e80a-4777-8dd3-f7fc3c8b3fd2.
- 58.
Calderón and Smith (2007), p. 21.
- 59.
Alexander (2000), p. 938.
- 60.
- 61.
See for instance, Lloyd (1986), p. 689 (‘Plain English’ is defined as a text with a score of 60 or better).
- 62.
See for instance, Narwani et al. (2016), p. 603.
- 63.
McClure (1987), p. 12.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
Marotta-Wurgler and Davis (2019).
- 70.
- 71.
- 72.
Milne et al. (2006), p. 243.
- 73.
Milne et al. (2006), p. 245.
- 74.
- 75.
- 76.
Graber et al. (2002), p. 644.
- 77.
Graber et al. (2002), p. 645.
- 78.
- 79.
- 80.
Milne et al. (2006).
- 81.
Becher and Unger-Aviram (2010).
- 82.
McDonald and Cranor (2008–2009).
- 83.
- 84.
Austin et al. (2018).
- 85.
Contissa et al. (2018).
- 86.
- 87.
- 88.
- 89.
- 90.
- 91.
- 92.
Payne et al. (2000), p. 1792; Health and Safety Executive, Evaluation of Product Documentation Provided by Suppliers of Hand Held Power Tools, p. 14 available at http://www.hse.gov.uk/research/rrpdf/rr714.pdf.
- 93.
Benoliel and Becher (2019).
- 94.
- 95.
- 96.
- 97.
Benoliel and Becher (2019).
- 98.
Marotta-Wurgler and Taylor (2013).
- 99.
ECJ, Árpád Kásler, Hajnalka Káslerné Rábai v OTP Jelzálogbank Zrt, Judgement [2014] Case C-26/13, 30 April 2014 [(Kásler)], para.75.
- 100.
- 101.
Becher et al. (2019).
- 102.
Becher et al. (2019).
- 103.
For a recent more general analysis see Reidenberg et al. (2019).
- 104.
- 105.
Hoffman (2018).
References
Abril P, Blázquez F, Evora J (2018) The right of withdrawal in consumer contracts: a comparative analysis of American and European law. Indret 3:1–56
Alexander R (2000) Readability of published dental educational material. J Am Dent Assoc 131(7):937–942
Asprey M (2005) Plain language for lawyers, 3rd edn. Federation Press, Sydney
Austin LM, Lie D, Sun P et al (2018) Towards dynamic transparency: the AppTrans (transparency for android applications) project. SSRN Electr J:1–51
Balkin J (2018) Fixing Social Media’s Grand Bargain. Hoover Working Group on National Security, Technology, and Law, Aegis Series Paper No. 1814:1–20
Becher S, Unger-Aviram E (2010) The law of standard form contracts: misguided intuitions and suggestions for reconstruction. DePaul Bus Commer Law J 8:199–223
Becher S, Gao H, Harrison A et al (2019) Hungry for change: the law and policy of food health labeling. Wake Forest Law Rev 54:1305–1360
Benoliel U, Becher S (2019) The duty to read the unreadable. Boston College Law Rev 60:2255–2296
Bignami F, Resta G (2015) Transatlantic privacy regulation: conflict and cooperation. Law Contemp Probl 78:231–266
Calderón J, Smith S (2007) FONBAYS: a simple method for enhancing readability of patient information. Ann Behav Sci Med Educ 13(1):20–24.
Contissa G, Docter K, Lagioia F et al (2018) Claudette meets GDPR: automating the evaluation of privacy policies using artificial intelligence. SSRN Electr J:1–64
Data Protection Working Party (2018) Guidelines on consent under Regulation2016/679. WP259 rev.01:1–33
Felsenfeld C (1982–1983) The plain English movement in the United States. Can Bus Law J 6:408–421
Friman M (1994–1995) Plain English statutes: long overdue or underdone? Loyal Univ Consum Law Rev 7:103–112
Garner B (2013) Legal Writing in Plain Language English 27
Graber M, D’Alessandro D, Johnson-West J (2002) Reading level of privacy policies on Internet health Web sites. J Family Pract 52:642–645
Hoffman D (2018) Relational contract of adhesion. Chicago Law Rev 85:1395–1461
Hoofnagle C, van der Sloot B, Borgesius F (2018) The European general data protection regulation: what it is and what it means? UC Berkeley Public Law Research Paper, pp 1–40
Houser K, Voss G (2018) GDPR: the end of Google and Facebook or a new paradigm in data privacy? Richmond J Law Technol 25:1–109
Kelley P, Cesca L, Bresee J et al (2010) Standardizing privacy notices: an online study of the nutrition label approach. In: CyLab SIGCHI Conference on Human Factors in Computing Systems, New York, pp 1573–1582
Kimble J (1992) Plain English: A Charter for Clear Writing, Thomas M. Cooley Law Rev 9:11–14
Kimble J (2002) The elements of plain language. Mich Bar J Oct. 2002-44
Lloyd H (1986) Plain language statutes: plain good sense or plain nonsense? Law Library J 78(683):696
Long L, Christensen W (2011) Does the readability of your brief affect your chance of winning an appeal? J Appellate Pract Process 12(1):145–162
Marine-Roig E (2014) A webometric analysis of travel blogs and review hosting: the case of Catalonia. J Travel Tour Market 31:381–396
Marotta-Wurgler F, Davis K (2019) Contracting for data. N Y Univ Law Rev 94:662–705
Marotta-Wurgler F, Taylor R (2013) Set in Stone? Change and innovation in standard-form contracts. N Y Univ Law Rev 88(1):240–245
Masson M, Waldron M (1994) Comprehension of legal contracts by non experts: effectiveness of plain language redrafting. Appl Cogn Psychol 8:67–85
McClure G (1987) Readability formulas: useful or useless? IEEE Trans Prof Commun 30(1):12–15
McDonald A, Cranor L (2009) The cost of reading privacy policies. J Law Policy Inf Soc 4:543–568
Mcintyre B (1996) English News Writing 19
Milne G, Culnan M, Greene H (2006) A longitudinal assessment of online privacy notice readability. J Public Policy Mark 25(2):238–249
Narwani V, Nalamada K, Lee M et al (2016) Readability and quality assessment of internet-based patient education materials related to laryngeal cancer. Head Neck 38(4):601–605
Payne S, Large S, Jarrett N et al (2000) Written information given to patients and families by palliative care units: a national survey. Lancet 355:1792–1792
Pound R (1910) Law in books and law in action. Am Law Rev 44(1):12–36
Reidenberg J, Breaux T, Carnor L et al (2015) Disagreeable privacy policies: mismatches between meaning and users’ understanding. Berkeley Technol Law J 30(1):39–68
Reidenberg JR et al (2019) Trustworthy privacy indicators: grades, labels, certifications and dashboards. Wash Law Rev 96:1409–1460
Rogers R, Harrison KS, Shuman DW et al (2007) An analysis of miranda warnings and waivers: comprehension and coverage. Law Human Behav 31(2):177–192
Ross S (1981) On legalities and linguistics: plain language legislation. Buffalo Law Rev 30:317–362
Rustad M, Koenig T (2018) Towards a global data privacy standard. Florida Law Rev 71:365–453
Schiess W (2003–2004) What plain language really is. Scribes J Legal Writ 9:43–75
Schwartz P (2013) The EU-US Privacy collision: a turn to institutions and procedures. Harv Law Rev 126:1966–2009
Schwartz P, Peifer K (2017) Transatlantic data privacy. Georgetown Law J 106:115–179
Seizov O, Wulf A, Luzak J (2019) The transparent trap: a multidisciplinary perspective on the design of transparent online disclosures in the EU. J Consum Policy 42:149–173
Serafin A (1998) Kicking the legalese habit: the SEC’s plain English disclosure proposal. Loyola Univ Chicago Law J 29:681–717
Tene O (2008) What Google knows: privacy and internet search engines. Utah Law Rev 4:1433–1492
Timm P, Oswald D (1985) Plain English laws: symbolic or real? J Bus Commun 22:31–38
Wydick R (2005) Plain English for Lawyers 36
Zarsky T (2019) Privacy and manipulation in the digital age. Theor Inq Law 20:157–188
Websites
Amazon. AWS | Alexa Top Sites - Up-to-date lists of the top sites on the web. Available at https://aws.amazon.com/alexa-top-sites/. Accessed 12 February 2019
Calver T, Miller J (2018) Social site terms tougher than Dickens. BBC News. Available at https://www.bbc.com/news/business-44599968. Accessed 28 November 2018
Canadian Bankers Association (2000) Plain Language Mortgage Documents. Available at https://www.bmo.com/pdf/9243738PlainLangMortDocs_en.pdf. Accessed 30 November
Canadian Bankers Association (2015) Voluntary commitments and codes of conduct. Available at https://www.cba.ca/voluntary-commitments-and-codes-of-conduct?l=en-us. Accessed 30 November 2018
EUGDPR. The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Key Changes with the General Data Protection Regulation. Available at https://eugdpr.org/. Accessed 26 November 2018
Fergal (2018) The GDPR & Plain Language – What You Need To Do To Comply. VisibleThread. Available at https://www.visiblethread.com/2017/09/the-gdpr-and-plain-language-how-to-be-compliant/. Accessed 26 November 2018
Federal Trade Commission (2017) Franchise Rule. Available at https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/franchise-rule. Accessed 26 November 2018.
GDPR Key Changes. Key Changes with the General Data Protection Regulation – EUGDPR. Available at https://eugdpr.org/the-regulation/. Accessed 26 November 2018
General Data Protection Regulation (GDPR). Consent. Available at https://gdpr-info.eu/issues/consent/. Accessed 26 November 2018
Lee I (2018) It’s Not You; Privacy Policies Are Difficult to Read. Common Sense Education. Available at https://www.commonsense.org/education/blog/its-not-you-privacy-policies-are-difficult-to-read. Accessed 26 November 2018
Markram R (2018) What is the data protection bill? Available https://www.markellaw.co.uk/insights/what-is-the-data-protection-bill/. Accessed 17 June 2020
Myrstad FL-H (2018) How tech companies deceive you into giving up your data and privacy. ted. Available at https://www.ted.com/talks/finn_myrstad_how_tech_companies_deceive_you_into_giving_up_your_data_and_privacy/up-next?language=en. Accessed 26 November 2018
Microsoft. Readability Statistics object (Word). Available at https://docs.microsoft.com/en-us/office/vba/api/word.readabilitystatistics. Accessed 12 February 2019
Microsoft. Readability statistics incorrect or missing in Word. Available at https://support.microsoft.com/en-us/help/292069/readability-statistics-incorrect-or-missing-in-word. Accessed 12 February 2019
Microsoft. Test your document’s readability. Available at https://support.office.com/en-us/article/test-your-document-s-readability-85b4969e-e80a-4777-8dd3-f7fc3c8b3fd2. Accessed 12 February 2019
New Zealand Bankers Association (2018) What you can expect from your bank The Code of Banking Practice. Available at http://www.nzba.org.nz/wp-content/uploads/2018/05/Code-Of-Banking-Practice-A4-PDF-FINAL.pdf. Accessed 30 November 2018
Nirmaldasan (2012) Longer the Sentence, Greater the Strain, Readability Monitor. Available at https://strainindex.wordpr ess.com/2012/04/30/longer-the-sentence-greater-the-strain/. Accessed 26 April 2019
Orelind G (2017) Top 6 Myths about the Alexa Traffic Rank. In: Alexa Blog. https://blog.alexa.com/top-6-myths-about-the-alexa-traffic-rank/. Accessed 12 February 2019
Raza S (2018) GDPR Has Changed Privacy Policies Updates at Google, Reddit, Facebook. ValueWalk. Available at https://www.valuewalk.com/2018/07/privacy-policy-updates-gdpr/. Accessed 24 November 2018
S L (2016) What is the “splinternet”? The Economist. Available at https://www.economist.com/the-economist-explains/2016/11/22/what-is-the-splinternet. Accessed 24 November 2018
Tiku N (2018) Why Your Inbox Is Crammed Full of Privacy Policies. Wired. Available at https://www.wired.com/story/how-a-new-era-of-privacy-took-over-your-email-inbox/. Accessed 26 November 2018
Yeomans L (2009) Evaluation of product documentation provided by suppliers of hand held power tools. Health and Safety Executive. Available at http://www.hse.gov.uk/research/rrpdf/rr714.pdf. Accessed 12 February 2019
Acknowledgement
We thank William Britton for excellent research assistance. We are also grateful to Anne-Lise Sibony, Tal Zarsky and the participants at the Consumer Law and Economics Conference at University of Lucerne (2019) for important comments and discussions on a previous draft.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Becher, S.I., Benoliel, U. (2021). Law in Books and Law in Action: The Readability of Privacy Policies and the GDPR. In: Mathis, K., Tor, A. (eds) Consumer Law and Economics. Economic Analysis of Law in European Legal Scholarship, vol 9. Springer, Cham. https://doi.org/10.1007/978-3-030-49028-7_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-49028-7_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49027-0
Online ISBN: 978-3-030-49028-7
eBook Packages: Law and CriminologyLaw and Criminology (R0)