Have you ever clicked on a privacy statement at any other website and read it? If not, you are not alone. If yes, what can you recall now? Probably, you cannot recall much, as you decided not to read any similar texts ever instead. Why?
Because privacy statements usually are written in a way which breaks the rules in section 12 of GDPR. Where this very section demands a “clear and simple” kind of language, we often read supposedly accurate legal style. Where this very section demands a “precise, transparent, understandable, and easy accessible” form, formulations usually appear to be completely vague.
Recently, the French supervisory authority responsible for data protection imposed a financial penalty of €50 million against Google, among other things because of having violated section 12 of GDPR. Looking at its privacy statement, the decision proves to be the right one as the text leaves one wordless in amazement. Everyone should be aware of the fact that there is a strategic illegality “out there” in terms of strategic ambiguity. Google is not unable to formulate its privacy statement, but rather unwilling to do so.
This is also the case for many other companies. To the occasional readers of privacy statements: probably, the reading itself turned to be a disappointing experience not because of a lacking grasp, but the dishonesty of the big and small fish in the web.
We want to do better! Every user has the right to transparent information and communication. They are prescribed by law and therefore our duty and mission at the same time. As a result, the language used in this privacy statement should be commonly understandable. We are looking forward to your feedback: firstname.lastname@example.org.