GDPR and the cloud: examining readability deficiencies in cloud computing providers’ privacy policies

IF 2.2 4区管理学 Q2 PUBLIC ADMINISTRATION Policy Studies Pub Date : 2022-10-02 DOI:10.1080/01442872.2022.2129046

Lei Gao, C. Eller, Austin F. Eggers

{"title":"GDPR and the cloud: examining readability deficiencies in cloud computing providers’ privacy policies","authors":"Lei Gao, C. Eller, Austin F. Eggers","doi":"10.1080/01442872.2022.2129046","DOIUrl":null,"url":null,"abstract":"ABSTRACT There have been concerns about data privacy and protection internationally. This has led to the development of policy tools, such as the General Data Protection Regulations (GDPR), but there remains limited evaluation of the effectiveness of the policies. The purpose of this study is to examine cloud computing privacy policies in order to determine how they changed in response to GDPR. Specifically, we focus on the EU’s mandate for “clear and plain language” by scrutinizing various content characteristics. In order to examine the response to the changes enacted by GDPR, we conduct a content analysis of cloud computing firm privacy policies from three periods. Results indicate that despite a mandate for “clear and plain language,” the readability of the privacy policies post-GDPR did not improve. Surprisingly, many privacy policies examined showed a significant decrease in readability. Additionally, the use of uncertainty language and litigious language also increased in certain areas. The findings outlined in this study are informative for policy makers, businesses interested in minimizing risks associated with GDPR noncompliance, and individuals whose data is subject to GDPR. These findings also point to the challenges faced by organizations in developing effective policies in the realm of digital governance.","PeriodicalId":47179,"journal":{"name":"Policy Studies","volume":"3 1","pages":"832 - 854"},"PeriodicalIF":2.2000,"publicationDate":"2022-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Policy Studies","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1080/01442872.2022.2129046","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"PUBLIC ADMINISTRATION","Score":null,"Total":0}

引用次数: 1

Abstract

ABSTRACT There have been concerns about data privacy and protection internationally. This has led to the development of policy tools, such as the General Data Protection Regulations (GDPR), but there remains limited evaluation of the effectiveness of the policies. The purpose of this study is to examine cloud computing privacy policies in order to determine how they changed in response to GDPR. Specifically, we focus on the EU’s mandate for “clear and plain language” by scrutinizing various content characteristics. In order to examine the response to the changes enacted by GDPR, we conduct a content analysis of cloud computing firm privacy policies from three periods. Results indicate that despite a mandate for “clear and plain language,” the readability of the privacy policies post-GDPR did not improve. Surprisingly, many privacy policies examined showed a significant decrease in readability. Additionally, the use of uncertainty language and litigious language also increased in certain areas. The findings outlined in this study are informative for policy makers, businesses interested in minimizing risks associated with GDPR noncompliance, and individuals whose data is subject to GDPR. These findings also point to the challenges faced by organizations in developing effective policies in the realm of digital governance.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

GDPR和云:检查云计算提供商隐私政策的可读性缺陷

国际上一直存在对数据隐私和保护的关注。这导致了政策工具的发展，例如通用数据保护条例(GDPR)，但对政策有效性的评估仍然有限。本研究的目的是研究云计算隐私政策，以确定它们如何响应GDPR而发生变化。具体来说，我们通过审查各种内容特征来关注欧盟对“清晰易懂的语言”的要求。为了检验对GDPR颁布的变化的反应，我们对三个时期的云计算公司隐私政策进行了内容分析。结果表明，尽管有“清晰易懂的语言”的要求，但gdpr后隐私政策的可读性并没有提高。令人惊讶的是，许多被检查的隐私策略显示可读性明显下降。此外，在某些领域，不确定性语言和诉讼语言的使用也有所增加。本研究概述的研究结果对政策制定者、有意将与GDPR违规相关的风险降至最低的企业以及数据受GDPR约束的个人具有参考价值。这些发现还指出了组织在数字治理领域制定有效政策时所面临的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Policy Studies PUBLIC ADMINISTRATION-

CiteScore

5.40

自引率

4.50%

发文量

期刊介绍： These changes at the structural level of the global system have impacted upon the work of public organizations either directly or indirectly and have broadened the field of action in policy studies. It has five main areas of intellectual interest: 1.To broaden the lens of policy analysis through the publication of research which locates policy-making within a theoretical, historical or comparative perspective. 2.To widen the field of enquiry in policy analysis through the publication of research that examines policy issues in a British, comparative, international or global context. 3.To promote constructive debate on theoretical, methodological and empirical issues in policy analysis.