‘We have updated our privacy policy’ - An analysis of the suitability of Privacy Policies, as End User License Agreements, to provide transparency as required in the General Data Protection Regulation

Abstract

The General Data Protection Regulation presents transparency as a tool for data subjects to become informed and in control of their privacy through their personal information. Within this thesis the possibility of providing transparency for data subjects, as required within GDPR, is questioned based on the suitability of using privacy policies formed as End User License Agreements (EULAs) as the tool providing transparency. Privacy policies as EULAs are argued to not be suitable for providing the adequate transparency, identified as required in order to meet the demands of the regulation, due to the issues inherent in the structure of EULAs as liability waivers, often with diffuse and ambiguous language as well as the fact that they are often not even read by the users. It is further argued that the structure and format of privacy policies need to diverge from the current form of EULAs and develop into more suitable forms enabling the data subject to easily comprehend the information aimed to be provided through the transparency requirement in the GDPR.