GDPR and the cloud: examining readability deficiencies in cloud computing providers' privacy policies

There have been concerns about data privacy and protection internationally. This has led to the development of policy tools, such as the General Data Protection Regulations (GDPR), but there remains limited evaluation of the effectiveness of the policies. The purpose of this study is to examine cloud computing privacy policies in order to determine how they changed in response to GDPR. Specifically, we focus on the EU's mandate for "clear and plain language" by scrutinizing various content characteristics. In order to examine the response to the changes enacted by GDPR, we conduct a content analysis of cloud computing firm privacy policies from three periods. Results indicate that despite a mandate for "clear and plain language," the readability of the privacy policies post-GDPR did not improve. Surprisingly, many privacy policies examined showed a significant decrease in readability. Additionally, the use of uncertainty language and litigious language also increased in certain areas. The findings outlined in this study are informative for policy makers, businesses interested in minimizing risks associated with GDPR noncompliance, and individuals whose data is subject to GDPR. These findings also point to the challenges faced by organizations in developing effective policies in the realm of digital governance.