Tech giants are failing to comply with the new European privacy rules, according to a study conducted by the consumer group BEUC. The report states that the policies of Apple, Google, Facebook, and Amazon are vague and unclear.
BEUC used artificial intelligence (AI) to analyse the privacy policies of 14 tech companies, and concluded that the most popular firms are failing to observe the new laws. The AI examined more than 80,000 words in total and found that many T&Cs were “vague” and “insufficient.”
The investigation follows reports of legal complaints against Facebook, Instagram, Whatsapp and Google. Noyb, a European consumer rights organisation, argued that the tech giants had breached the law that consent should be freely given and not forced.
"A little over a month after the GDPR became applicable, many privacy policies may not meet the standard of the law. This is very concerning. It is key that enforcement authorities take a close look at this," Monica Goyens, director general of the European commented.
BEUC criticised the tech companies for providing insufficient information for users to fully comprehend how their data is being used. Facebook only states that data like religious and political views are protected categories, but the platform fails to tell users how they might use this sensitive data.
The AI tool has the power to scrutinise policies sentence-by-sentence. Google's policy states that “we collect information about your activity in our services, which we use to do things like recommend a YouTube video you might like," and was criticised for not specifying what the data is actually being used for.
Amazon tells users that “our business changes constantly and our Privacy Notice will change also.” The system flagged this up as “problematic permissions” as it implies that the tech giant can alter its policy without user consent.
If tech firms fail to cooperate with the authorities, they could face hefty fines of up to 4% of their annual turnover. BEUC aims to create an AI model to automatically scan privacy policies that fail to meet GDPR standards.