On May 25th, 2018 the European Union’s General Data Protection Regulation, better known as GDPR, became an enforceable law. The policy was implemented primarily to create greater transparency regarding how companies handle personal data, and to enforce stricter requirements around the use and sharing of that personal data.
We decided to look at the individual privacy policies of the top websites on the web to check word count, reading time and reading grade level before and after GDPR to determine just how easy these companies are making it for users to understand their policy changes.
What Did Privacy Policies Look Like Before GDPR?
Yahoo was by far the easiest and shortest read of the group at under 8 minutes. Their reading level sits just above the average of 13.6. Perhaps fittingly, given their push to be more transparent about their privacy, Facebook had the easiest reading level at 11.
So, how did things change once GDPR caused these sites to update their policies?
How Did Privacy Policies Change After GDPR?
The major change seen here is that eBay not only increased their word count to the highest on the list, but their reading level now sits at 20. Yahoo still has the lowest word count and reading time, but Reddit now has the easiest reading level. Below, we dig deeper into each site to understand the changes after GDPR, starting with the most popular site on the web, Google.
Google processes over 40,000 search queries every second, which translates into 3.5 billion searches every day. Since search is only one avenue for Google to collect data from users, the amount of raw data collected is mind-blowing. By some estimates, Google owns and stores about 15 exabytes of data. To put this in perspective, 1 exabyte equates to 1 million terabytes.
Amid intense public scrutiny following the Cambridge Analytica scandal, Mark Zuckerberg testified before Congress and the European Parliament. After his testimony, the chair of the European Parliament Civil Liberties, Justice and Home Affairs said, “Mr Zuckerberg and Facebook will have to make serious efforts … to convince individuals that Facebook fully complies with European data protection law.”
Reddit is the self-proclaimed “front page of the internet” and, with over 1.5 billion monthly active users and over 1.2 million total subreddits, that tagline has become a self-fulfilling prophecy. There are subreddits dedicated to blackhat hacking techniques and other subreddits that have been targeted for the very nature of their existence.
In December of 2017, the cryptocurrency-focused r/btc subreddit was targeted by a series of hacks that resulted in users’ Bitcoin Cash wallets being depleted. The very nature of Reddit, which involves sharing links to third-party sites, exposes users to the threat of malicious intent. With this in mind, it’s a little surprising to see the word count decreased by 38.20 percent.
Amazon has grown into more than just the largest eCommerce company in the world. Their cloud computing platform, Amazon Web Services, is now responsible for 10 percent of the company’s revenue. Security is more important than ever since Amazon now houses sensitive data of individuals — the cloud platform reached 1 million users in 2016.
The company also stores the information of companies and governments. An Uber breach in 2016 that compromised the information of 57 million users worldwide was linked to a compromised Amazon Web Services account.
Wikipedia was launched in 2001 with the goal of increasing the availability of information worldwide, and the English edition has since reached 5.6 million articles. While the often-cited website has since become one of the most popular in the world, its information isn’t always completely reliable. The free encyclopedia was built around a model of openly editable content, which means that anyone with access to the Internet can edit it, even anonymously or using a pseudonym.
A golden child of the dot-com bubble, the domain “yahoo.com” was purchased on January 18, 1995. By 1997, Yahoo was the second most visited website on the internet, after AOL, and Yahoo’s valuation skyrocketed to $125 billion before the bubble popped and the company’s stock fell dramatically. When cooler heads prevailed, the stock price began to normalize and the company maintained its position as one of the most frequently viewed websites in the U.S.
Twitter launched in 2006 after the founding team failed in starting Odeo, a podcasting company. The team included current CEO Jack Dorsey who sent the first “tweet” when it was an SMS service. The company had their initial public offering in 2013 with over 200 million monthly active users and over 500 million tweets per day.
eBay, another veteran member of the Silicon Valley dot-com bubble on this list, started as an online auction marketplace. In fact, the company was started to help the founder’s fiancée trade her collection of Pez dispensers. With their “Buy It Now” feature, the company has moved beyond their original auction-style business model and solidified their place in eCommerce.
Social media photo- and video-sharing app Instagram has a wealth of information to protect: As of 2017, the app has 800 million users, 500 million of which are daily users. Additionally, more than 40 billion photos have been uploaded to the app as of October 2015; this number doesn’t reflect the number of videos (or “Stories”) uploaded to the app, as that feature launched in 2016.
Instagram isn’t a stranger to breaches of this information, either. In 2017 the app suffered a data breach that left the personal information of approximately six million users vulnerable. Among the information affected were the phone numbers and email addresses of high-profile users, which was then made available on the dark web. The company is also owned by Facebook, which faced widespread criticism following the 2018 Cambridge Analytica scandal.
Instagram’s policies increased across the board: Its word count increased over 40 percent, while the time it takes to read increased a full 6 minutes.
What began as a DVD rental service in 1997 quickly expanded and exploded with the proliferation of technology: Today, Netflix is a subscription-streaming service provider and content producer with over 125 million users worldwide. The company also expanded globally in 2016, simultaneously launching in 130 countries and bringing its total availability to 190 countries.
The company has also been hacked: In 2015, security company McAfee released a report that detailed how you can buy access to streaming accounts, like Netflix’s, on the dark web. A file containing 1.4 billion hacked passwords, which was leaked on the dark web in 2017, also included Netflix login information.
How Have Privacy Policies Changed Overall?
Wikipedia showed the largest update, with a word count increase of almost 95 percent. Only two companies — Facebook and Reddit — decreased both the word count and the reading time of the privacy policies.
Rob Sobers is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way.