Privacy Policies of Digital Platforms and Compliance under the GDPR

With the increasing prevalence of digital platforms and the growing concerns about data privacy, the EU’s General Data Protection Regulation (GDPR) stands as a landmark legislation for ensuring user’s privacy rights in the online environment. Many of today’s most successful companies operate as digital platforms, collecting and processing vast amounts of personal data at an unprecedented scale. Under the GDPR, companies are required to inform individuals about the collection and processing of their personal data, with Articles 13 and 14 establishing a detailed list of information to be provided. This information should be provided in a “concise, transparent, intelligible and easily accessible form, using clear and plain language”. This thesis discusses the important role of privacy policies in communicating this information effectively and demonstrating compliance with the GDPR’s core principles and provisions. Common challenges include complex language, lack of specificity, and insufficient disclosure of data processing practices. We assess the extent to which digital platforms adhere to GDPR requirements in their privacy policies, and identify common practices and areas of non-compliance. By improving the transparency and user-friendliness of their privacy policies, companies can foster greater trust and accountability in their data handling practices, ultimately contributing to a more privacy respecting digital ecosystem.