GDPR Updates Made Privacy Policies 33% Longer!

GDPR was supposed to make privacy disclosures more concise and readable. However, the average privacy policy increased 1,082 words when it was updated in May 2018 (over its predecessor at the start of 2018) according to the sample reviewed by Clarip.

It will now take the average reader 33% longer to read them – an increase of more than 4 minutes at an average pace of about 250 words a minute. At their present length of an average of 4,291 words, it should take the average person over 17 minutes to read each privacy policy they encounter. The earlier privacy policies of the companies in our sample, as measured around January 1st, was 3,208 words.

Much has been written about the sheer number of updates and emails that were sent out about them, but we have not seen many people analyzing them. Here is a scatter plot (excluding any word counts over 10,000) which demonstrates the increase in the word count of disclosures:

We know that many people don’t in fact read privacy policies. However, if one of the goals of Article 12 of the GDPR was to make privacy policies easier to read so that more people would indeed do so, then it is off to a bad start. Less than 20% of the sample actually decreased the number of words in their privacy policy. 80% of the privacy policies were longer as a result of the GDPR update.

There are other ways to measure readability of course, so it is possible that these companies have indeed met the GDPR requirement to be concise, transparent, intelligible and easily accessible using clear plain language. Nevertheless, the word count is probably a pretty good measure of whether a disclosure is “concise” and they seem to be going in the wrong direction on that statistic.

We ultimately looked at 63 privacy policies that were updated in May 2018 where we could find the earlier policy in effect around approximately January 1, 2018 as our sample. This included major companies, startups, hotel chains, law firms and others to ensure a wide range of disclosures.

Contact Clarip for Help with Your Privacy Program

The Clarip data privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.

If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping software, need privacy impact assessment software, or looking to meet ePrivacy requirements with cookie consent manager, Clarip can help strengthen your privacy program.

If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with our consent software.

Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.