A newsletter that chomps through PDFs and brings you the hottest content from the very niche world of tech-academia. Bite-sized.
Starting this year, I also plan on reading more academic papers around tech and policy. Recording my readings and (sometimes, observations + annotated copies on this newsletter). Please do recommend papers and share your insights!
What I Read This Week:
The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise by Razieh Nokhbeh Zaeem and K. Suzanne Barber for The Center for Identity, The University of Texas at Austin. [Link; Is behind a paywall so won’t be sharing a PDF with my comments].
What You Should Know:
The GDPR has had a significant impact in protecting user data, but there is still a long way to go, especially in giving users the right to edit and delete their information.
Websites changed their privacy policies to comply with the GDPR once it came into effect.
The biggest changes to policies came were in protecting the Personally Identifiable Information of children and data aggregation.
However, there has been a 13% decrease in protection for consumer rights (such as the right to edit/delete) their information and a 57% non-compliance rate in new policies after the GDPR came into effect in May 2018.
Here is where privacy policies need to improve:
- Policies fail to mention whether they encrypt data while at rest.
- Policies do not mention if and when they notify the supervisory authority in case of a data breach.
- MNCs based in the US and Europe protect children under 13 as per US regulation and not 16 as per the GDPR, leaving children between the age of 13-16 without protection.
Data Sufficiency and Graphs (from the source):
*PII here means personally identifiable information
What I Have Been Reading: