The European Commission has once again pledged to launch a major EU-wide marketing and advertising campaign to boost awareness of GDPR, despite breaking its pledge – made over two years ago – for a “massive” push in the run up to the regulation coming into force.
The latest commitment follows the publication of a new European Commission study, which quizzed 27,000 EU consumers about their knowledge of data protection.
It showed that while nearly three-quarters (73%) of EU consumers had heard of at least one of their rights guaranteed under GDPR, only a minority (30%) were aware of all their rights under the framework.
The highest level of awareness among those surveyed was for the so-called “right of access”, with over three-fifths (65%) knowing that they can file a subject access request (SAR). This was followed by the right to correct data held on them if it is wrong (61%); the right to opt-out of direct marketing (59%) and the right to have data deleted (57%).
The Commission said it will launch the marketing push to boost awareness of privacy rights and encourage EU consumers to optimise their privacy settings, “so that they only share the data they are willing to share”.
And the survey findings have sparked fresh calls from senior Brussels officials for companies to declutter and clarify their privacy policies and T&Cs.
Not that these concerns are anything new; back in 2014 a UK Parliamentary report likened many of the policies used by the likes of Facebook to “engaging with Shakespeare”, adding that they were “not fit as a mechanism for demonstrating that users have given informed consent for some of the ways companies are now exploiting personal data”.
EU justice and consumer commissioner Věra Jourová, who presides over GDPR, said that helping Europeans regain control over their personal data was one of Brussels’ biggest priorities. However, she pointed out that of the 60% of Europeans who read their privacy statements, only 13% read them fully.
Jourová added: “This is because the statements are too long or too difficult to understand. I once again urge all online companies to provide privacy statements that are concise, transparent and easily understandable by all users. I also encourage all Europeans to use their data protection rights and to optimise their privacy settings.”
The Commission’s vice-president for the Digital Single Market, Andrus Ansip said that while it was “encouraging” that Europeans have become more aware of their digital rights, the fact remains that only three in ten know all their new powers under GDPR.
He added: “For companies, their customers’ trust is hard currency and this trust starts with the customers’ understanding of, and confidence in, privacy settings. Being aware is a precondition to being able to exercise your rights.”
Earlier this week, the Swedish data protection authority opened an investigation into Spotify’s privacy policies.
The probe follows initial complaints filed in January against Spotify and seven other tech giants – Amazon Prime, Apple Music, Netflix, SoundCloud, YouTube, DAZN and Flimmit – which provide streaming services.
Privacy group NOYB – set up by Facebook nemesis and Austrian privacy activist Max Schrems – claims that the companies fail to be upfront about what customer data they collect and what they use it for.
Spotify ad launch eclipsed by fresh GDPR investigation
ICO plots consumer campaign in run-up to GDPR D-Day
Call for Government action to explain GDPR to public
European Commission fails to hit its own GDPR deadline
Brussels chiefs plot GDPR consumer marketing blitz
T&Cs ‘more complex than the Bard’