Who reads terms and conditions anyway?
Smart Security Week, a yearly event taking place in Marseille, France, has just had its inauguration with a speech by Jon Shamah, a European eID Subject Matter Expert. The most significant and current topic is GDPR (General Data Protection Regulation) and how it may affect each of us as citizens as well as our businesses.
By now, everyone has heard of GDPR, the EU regulation that aims to protect personal data. GDPR is essentially based on four pillars: rights of individuals, right to be informed, right of erasure and obligations of data processors. A daily consequence for each of us is the change in what we see when we visit any website: instead of a standardized cookie warning, we get options: do you want to blindly accept tracking, or do you prefer to check it in detail?
Users who choose the detailed option are led into a maze of lists showing which pieces of information are collected, who collects them and for which purpose. These lists are still very abstruse for the average end-user, including items such as “analytics/measurement,” “content customization” or even “optimization” that do not make personal data use any clearer. Clicking on the list of involved companies does not help the layman any further: besides the expected Facebook business, Microsoft advertising or Amazon associates, one can find an endless list of lesser-known companies.
Terms and conditions (T&Cs) are usually too long and too difficult to understand for anyone to bother reading them. The British website Which found in 2012 that PayPal’s Terms and Conditions were longer than "Hamlet" by Shakespeare!
We all know GDPR has turned into a gigantic source of business for lawyers and consultants. Is its only significant effect to produce lists of T&Cs, cookies, functions and companies no one ever bothers to read?