A recent study shows that many data privacy statements are not sufficiently comprehensible. Accordingly, Internet users often do not read the privacy policies. But personal data protection can suffer as a result.

Privacy policy in name only

Online offerings such as websites and webshops must have a privacy policy, a requirement that does not stem only from the General Data Protection Regulation (GDPR). Nevertheless, there are still websites that do not publish a "privacy policy". Other online services do have a privacy policy, but it does not deserve its name: it does not explain data protection, at least not in the way that would be required for normal Internet users.

Survey shows inadequate explanations

A recent study examined the privacy policies of leading social media platforms. Their users were also surveyed to find out how readable the privacy statements really are. The age groups that may use the respective social media platform were taken into account.

Here are some of the findings:

87% of people accept privacy policies without reading them.
TikTok’s privacy policy, for example, requires a reading age of 17+, despite the option to sign up for it from age 13.
On average, it takes more than 47 minutes to read a social media privacy policy. TikTok, WhatsApp and LinkedIn privacy policies are among the longest.
API (62%), cookies (57%), third-party providers (53%), and IP address (46%) top the list of privacy policy jargon that people don't understand.

Apparently, most Internet users avoid reviewing privacy statements because they are too complex, too long, and incomprehensible. Thus, privacy statements do not comply with the requirements of the GDPR. In addition, users cannot make use of their rights. This is because data use is not transparent for them.

Understanding data privacy to be able to protect your own data

If you read a data protection declaration and don't understand something, many colleagues are sure to feel the same way. Therefore, contact your company's data protection contact person and ask for an explanation. This is the only way you and the other employees in the company can really make use of your rights and consciously refrain from using an online service because you do not agree with the data protection practiced there. At this point, we would like to explain the terms that are particularly incomprehensible to many people.

Do you have a clear understanding of data protection declarations?
Take the test!

Can you tell what is behind API, cookies, third-party providers and IP address? Think about it first and then read the answers!

Question: Do you know what "API" means?

API stands for Application Programming Interface, that is, an interface through which the online service used can be connected to other applications. Such interfaces can be used, for example, to transfer personal data from the website used to other applications. The question here is to whom and for what purpose the data should be transferred.

Question: What do cookies actually do?

Cookies are used by Internet and multimedia applications to store information locally on the user's computer or smartphone. Cookies usually carry a unique identifier (cookie ID) so that the stored information can be assigned to a specific computer or smartphone. However, identifying the device can also make it possible to identify the user if the cookie ID can be linked to further user-specific personal data. Cookies that are not necessary for technical reasons require the informed consent of the user concerned; a cookie for the shopping cart in an online store is an example of a technically necessary one.

Question: What exactly are third-party providers?

Third-party providers are other companies that may receive user data from the website operator. Certain third-party products or services also process, for their own purposes, users' personal data that was collected for the purposes of the respective website provider. The question here is whether the user has been precisely informed about this and has consented to it at all. Otherwise, there is no legal basis for transferring the data to third-party providers.

Question: What is behind the IP address?

An IP address (IP stands for Internet Protocol) uniquely identifies the sender and receiver of data packets on the Internet, similar to a postal address. It reveals information about the Internet provider and the location of the computer. The Internet provider, in turn, can also use it to track the data flow of its customers. IP addresses can be directly or indirectly linked to users and are therefore classified as personal data. IP addresses are subject to data protection and may not simply be stored and evaluated in full for marketing purposes.