Abstract
The EU General Data Protection Regulation (GDPR) of 2018 introduced stringent transparency rules compelling firms to disclose, in accessible language, details of their data collection, processing, and use. The specifics of the disclosure requirement are objective, and its compliance is easily verifiable; readability, however, is subjective and difficult to enforce. We use a simple inspection model to show how this asymmetric enforceability of regulatory rules and the corresponding firm compliance are linked. We then examine this link empirically using a large sample of privacy policies from German firms. We use text-as-data techniques to construct measures of disclosure and readability and show that firms increased the disclosure volume, but the readability of their privacy policies did not improve. Larger firms in concentrated industries demonstrated a stronger response in readability compliance, potentially due to heightened regulatory scrutiny. Moreover, data protection authorities with larger budgets induce better readability compliance without effects on disclosure.
| Original language | English |
|---|---|
| Place of Publication | Mannheim |
| Publisher | ZEW - Leibniz-Centre for European Economic Research |
| Volume | 12 |
| Publication status | Published - Mar 2024 |
Erasmus Sectorplan
- Sector plan Recht-Public and Private Interests
- Sector plan Recht-Empirical Legal Studies
- Sector plan SSH-Breed