How GDPR has impacted privacy policies [infographic]

Earlier this year the European Union enacted the General Data Protection Regulation, also known as GDPR. The privacy regulation brought about big changes that stretched far beyond the European Union (EU).

Below, learn what GDPR is, what it means for marketers, and how it’s already having an affect on some of the biggest names in technology.

What is GDPR?

GDPR is a privacy law with the aim of increasing transparency around the way companies collect and use the personal data of users.

The implementation of GDPR affected both marketers and their organizations. For starters, noncompliance to the new regulation can result in a fine of up to 4 percent of annual global revenue, or €20 million—whichever is greater.

The privacy regulation also made major changes to the way data protection is handled within the European Union. Some changes include mandatory breach notifications, regulations around consent for the processing of personal data, and the mandatory appointment of a data protection officer.

What Does GDPR Mean for Marketers?

The privacy regulation will mean that marketers must change the way they collect, process, and store the personal data of citizens within the European Union. Especially important to note is that while the regulation only affects EU citizens, it affects companies and organizations outside of the European Union. This is because the regulation applies to all companies that deal with citizens that reside in the EU. So, if you’re collecting information from users in London, GDPR applies to you, even if your physical location is New York.

As such, some of the top organizations in tech have had to update their privacy policies to reflect GDPR changes, even though companies are not located within the European Union. Below, see how GDPR has affected their policies.

How Did GDPR Affect Privacy Policies?

To help you better understand how the implementation of the privacy regulation affected privacy policies, Varonis took a look at how privacy policies have changed since GDPR. Specifically, we looked at how the implementation of privacy policies affected some major players in the tech industry in the following ways:

  • Word count – The number of words within a privacy policy
  • Reading time – The length it takes to read a privacy policy from end-to-end
  • Reading level – The reading grade level of a privacy policy

Typically, to be read and understood by the general public, a piece of content should be around a reading level of 8.

So, just how did GDPR affect the privacy policies of major tech companies?

Surprisingly, considering that the regulation was meant to increase transparency and understanding around the way data is used, our research found that the majority of privacy policies increased in most of the metrics mentioned above.

In fact, the average word count increase came in just under 26 percent, and the average change in reading level clocked in just under 4 percent. Some companies, like Wikipedia and eBay, increased their metrics dramatically. Check out our quick synopsis below, or look at our full infographic at the end of the post for a visual comparison.

  • GoogleWhile the reading level of Google’s privacy policy changed, both the reading time and the word count went up. Additionally, Google’s privacy policy is 14, much higher than the recommended 8.
  • Facebook. While the reading level of Facebook’s privacy policy increased two grades to a total of 13, both the word count and the reading time went down.
  • Reddit. The word count of Reddit’s privacy policy decreased, as did the reading
    time—by a total of 10 minutes! The reading level remained unchanged at 12.
  • Amazon. GDPR’s implementation affected Amazon’s privacy policy negatively across the board — the word count, reading time, and reading grade level all increased.
  • Wikipedia. Wikipedia’s privacy policy was impacted poorly by GDPR; the word count increased almost 95 percent, and the reading time increased a more than 13 minutes. While the reading grade level actually went down, it still clocks in at a 14.
  • Yahoo. Yahoo’s privacy policy also saw an increase of word count and reading time; the reading grade level reduced from a level 14 to a level 13.
  • Twitter. Twitter’s privacy policy saw an increase in both reading time and word count; the reading grade level remained unchanged.
  • eBay. The reading level of eBay’s privacy policy increased to grade levels, coming in at a 20—a full 12 grade levels above the recommended reading level for the general
    population, and the highest reading level of the policies on the list. Additionally, the word count and reading time increased.
  • Instagram. Instagram’s privacy policy saw an increase across the board — in word
    count, reading time, and reading grade level.
  • Netflix. The reading time, word count, and reading grade level of Netflix’s privacy policy all increased.

Overall, eBay was the worst offender following GDPR, with the highest word count, reading time, and reading level. Wikipedia’s word count increase clocked in at the highest percentage increase across the board, at almost 95 percent

Yahoo made the most significant improvement after GDPR, as the company with the lowest word count and reading time.

What Do Privacy Policy Changes Mean for You?

As an individual user, these privacy policy changes aim to increase the transparency around how your data is used, which is a good thing. As a marketer, however, the implementation of GDPR will change the way you do business. Most notably, it will change how marketers are able to obtain the personal information of users, and how they use it.

Certain types of marketing that were frowned upon but mostly ignored before, such as buying email lists, will largely be halted as companies become GDPR compliant. While the privacy regulation may be a shock to marketers at first, the end result will be better marketing tactics.

Additionally, the privacy regulation will raise the standards of marketers, and give users the privacy protection they both want and deserve.

Check out this infographic below by Varonis to learn more about how the word count, reading time and reading grade level and privacy policies of the most trafficked sites were before and after GDPR.

how privacy policies have changed since gdpr infographic compressed

This infographic was created by Varonis.