Content Analysis of Privacy Policies Before and After GDPR

Privacy policies are statements about how websites, applications, and any other service providers collect, use, share and manage users' data. Nowadays, the contents of privacy policies have been affected by different regulations such as the General Data Protection Regulation (GDPR), which enforces the protection of personal data and also requires privacy policies to be more transparent for readers. There is a limited understanding of how GDPR has impacted the content of privacy policies. This study presents a framework for evaluation of compliance of privacy policies with GDPR recommendations and best practices. This evaluation framework includes text feature analysis, coverage analysis, and content analysis. Our findings suggest that although GDPR enforcement has improved the content of privacy policies, many of these privacy policies do not fully satisfy GDPR requirements.