Most people in Europe have heard of the General Data Protection Regulation (GDPR) and are aware of at least one right guaranteed by the landmark rules, a special Eurobarometer survey has shown.
The European Commission polled 27,000 people in the European Union in March of this year to gather their views on data protection and GDPR itself, which came into effect on May 25th, 2018, and gives power back to EU citizens over how their personal information is processed and used.
The survey showed that two-thirds (67%) of the respondents have heard of GDPR, whereas 32% have not. Of the respondents who are aware of the regulation, there was a fairly even split between those who have heard of it and know what it is versus those who have heard of it but don’t know exactly what it is. The level of awareness varied wildly between countries – from 90% in Sweden all the way to 44% in France.
When it came to rights guaranteed by the regulation, nearly three in four people (73%) said they’d heard about at least one out of six GDPR-guaranteed rights that were specifically brought up in the survey.
One in three people (31%) were aware of all six, whereas 27% of people never heard about any of them. The rights to access one’s data, to correct one’s data, and to object to receiving direct marketing rang a bell, at least, to most people. The right to 'be forgotten', to have one's data moved from one provider to another, and not to be subject to a decision based solely on automated processing came next.
Similarly, the majority of people were aware of the existence of a public authority in their country that is responsible for protecting their rights regarding personal data.
“The results show that Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated,” said the European Commission.
The EU’s executive arm also announced that it was launching a campaign to boost people’s awareness of their privacy rights, as well as encourage them to read privacy statements and optimize their privacy settings on websites.
Inscrutable and intractable
On a related note, the survey found that perhaps a surprisingly high number of Europeans (60%, to be exact) read websites’ privacy policies at least partly – with 13% saying that they actually read them in their entirety.
Meanwhile, most of those who never read them said that this is because the statements are too long or difficult to understand. “I once again urge all online companies to provide privacy statements that are concise, transparent and easily understandable by all users,” Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, was quoted as saying.
In fact, The New York Times has just published an analysis of privacy policies of 150 popular websites and apps. Interestingly enough, Google’s privacy policy, for example, became more readable after the introduction of GDPR. However, this was found to be at the expense of brevity, suggesting “an intractable tradeoff between a policy’s readability and length”, wrote NYT.