Major online platforms are failing to meet GDPR requirements

Laptop padlockJust over a month after the General Data Protection Regulation (GDPR) came into force, some of the biggest tech companies are falling short of meeting the policies set out by the European Union (EU), according to new research.

A study from The European Consumer Organisation (BEUC) and researchers from the European University Institute in Florence, Italy found that some of the GDPR-related policies of major online services – including the likes of Facebook, Google, and Amazon – featured unclear language, ‘potentially problematic’ clauses, or provided ‘insufficient’ information.

Of 3,659 sentences worth of policy from 14 popular online companies, 401 sentences – or 11 per cent – were marked as containing unclear language, while 1,240 sentences – amounting to 33.9 per cent – contained potentially problematic clauses or clauses which lacked enough information.

Problems identified by researchers included companies not providing the required amount of information in order to meet GDPR’s transparency rules, personal data not being processed in a way that meets GDPR requirements, and policies created using vague language which could be difficult for consumers to understand.

“A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law. This is very concerning,” said Monique Goyens, director general of The European Consumer Organisation. “It is key that enforcement authorities take a close look at this.”

On the back of the study – which also analysed Apple, Microsoft, WhatsApp, Twitter, Uber, Airbnb,, Skyscanner, Netflix, Stream, and Epic Games – the researchers are training a piece of artificial intelligence (AI) called ‘Claudette’ to detect when policies may be failing to meet GDPR requirements.

“We are confident AI will be an asset for consumer groups to monitor the market and ensure infringements do not go unnoticed,” said Goyens.

“We expect companies to respect consumers’ privacy and the new data protection rights. In the future, AI will help identify infringements quickly and on a massive scale, making it easier to start legal actions as a result.”