# Analyzing GDPR Compliance Through the Lens of Privacy Policy

**Authors:** Jayashree Mohan, Melissa Wasserman, Vijay Chidambaram

arXiv: 1906.12038 · 2019-07-01

## TL;DR

This paper analyzes the privacy policies of major cloud services to identify GDPR compliance issues, revealing vulnerabilities and proposing best practices for clearer, more compliant privacy policies.

## Contribution

It provides a systematic analysis of GDPR-related privacy policies, identifying common vulnerabilities and suggesting best practices for compliance.

## Key findings

- Identified GDPR vulnerabilities in ten cloud services.
- Many services lack clear and concise privacy policies.
- Proposed seven best practices for GDPR privacy policies.

## Abstract

With the arrival of the European Union's General Data Protection Regulation (GDPR), several companies are making significant changes to their systems to achieve compliance. The changes range from modifying privacy policies to redesigning systems which process personal data. This work analyzes the privacy policies of large-scaled cloud services which seek to be GDPR compliant. The privacy policy is the main medium of information dissemination between the data controller and the users. We show that many services that claim compliance today do not have clear and concise privacy policies. We identify several points in the privacy policies which potentially indicate non-compliance; we term these GDPR vulnerabilities. We identify GDPR vulnerabilities in ten cloud services. Based on our analysis, we propose seven best practices for crafting GDPR privacy policies.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.12038/full.md

## References

34 references — full list in the complete paper: https://tomesphere.com/paper/1906.12038/full.md

---
Source: https://tomesphere.com/paper/1906.12038