ABSTRACT
Under the GDPR, controllers must be transparent and provide individuals with details about the way in which they process those individuals’ personal data. This is typically done using a privacy notice. The transparency obligation is often described as being fundamental to the operation of the wider data protection framework. This article analyses the results of a new study that used freedom of information laws to obtain information from a range of UK public authorities about traffic on their website. The study shows that few individuals in the UK read website privacy notices and, those that do, do not read them properly. In particular, only 1 in 200 website visitors looked the privacy notice for the site and those that did only spent 48 seconds on that page on average. This would only allow them to read a maximum of 5% of that notice. These findings are consistent with many previous studies. The article considers whether privacy notices still provide a valuable function due to the effect of the ‘informed minority’. It also considers why regulatory action is driving controllers to produce longer and longer privacy notices, and what steps controllers can take to provide meaningful and useful information to individuals.
€
Patrick O’Connell and Peter Church, No One Reads Privacy Notices. So Why Do We Have Them?, Global Privacy Law Review, volume 5, issue 4 [pre-publication] pp 1-6 (2025).
Leave a Reply