“Privacy policies … have evolved from … largely factual statements to become, nowadays, either long, verbose and impenetrable legalese, or else vague and soothing PR exercises. Either approach places the burden on the individual to understand complex data practices and act rationally in her own best interests.” says European Data Protection Supervisor Giovanni Buttarelli.
“Transparency is a cornerstone of data protection as well as consumer law, inextricably linked to lawfulness and fairness. Transparency however has also become a double-edged sword: provide too much information and the average person cannot be reasonably expected to read it; oversimplify and she will have little idea of what is really going on. That is why the GDPR strains to specify what it means to be transparent: namely that information provided should be in clear and plain language, easy to access and to understand. [P]eople should not be compelled, in signing up to a service, to accept personal data processing which they are not comfortable with; and having sufficient information is a prerequisite to such an entitlement.”