Though the privacy-protecting GDPR regulation entered force just over a month ago, evidence has emerged that tech titans including Facebook, Amazon and Google may not yet be fully compliant.
The pan-European consumer group BEUC has, in analyzing privacy policies of 14 leading internet companies, found signs of unclear language and “potentially problematic” rights. Troublingly, some firms have also provided too few details about what their users are actually agreeing to.
BEUC director general Monique Goyens suggested that “many privacy policies may not meet the standard of the law”. She added: “It is key that enforcement authorities take a close look at this.”
The “very concerning” issues uncovered by BEUC include Amazon’s warning that “our business changes constantly and our Privacy Policy will change also”. By BEUC’s reckoning, “problematic permissions” like this could let a company tinker with its privacy policies bar the securing of extra consent.
However, Amazon has provided a statement calling its protection of customer privacy “a top priority”, pointing to a “new Privacy Help page that shows users how they can easily manage and access their information across our retail, entertainment services, and devices”.
Google notified The Guardian: “We have updated our Privacy Policy in line with the requirements of the GDPR, providing more detail on our practices and describing the information that we collect and use, and the controls that users have, in clear and plain language.”