Impact of GDPR on the informativeness and omissions of privacy policy disclosures

Determine the extent to which General Data Protection Regulation (GDPR) requirements contribute to enabling more informative answers to user privacy questions based on disclosures in mobile application privacy policies, and ascertain the extent to which GDPR-compliant privacy policy disclosures continue to omit issues that matter to users.

Background

The PrivacyQA corpus comprises privacy policies from 35 mobile applications collected before April 1, 2018, predating many companies' GDPR-focused updates. Because the dataset precedes GDPR implementation, the authors highlight uncertainty about how GDPR may affect the informativeness of policy disclosures and the ability to answer user privacy questions.

GDPR introduced legal requirements that could change the content and clarity of privacy policies. The authors explicitly leave to future studies the task of measuring how much GDPR facilitates providing more informative answers from policies and whether, despite GDPR, disclosures still omit user-relevant issues.

References

We leave it to future studies to look at the impact of the GDPR (e.g., to what extent GDPR requirements contribute to making it possible to provide users with more informative answers, and to what extent their disclosures continue to omit issues that matter to users).

Question Answering for Privacy Policies: Combining Computational and Legal Perspectives (1911.00841 - Ravichander et al., 2019) in Section 3: Data Collection (footnote following the note on policies collected before April 1, 2018 and GDPR-focused updates)