Ever wonder where, how, and why your personal data is processed? Post-GDPR, you might be able to find the answers by looking at privacy policies. In part 2 of our Sweet Sixteen series, we’re bringing you the highlights from 8 more privacy policies, informing you on how to gain control of your personal data privacy. Check out the first part of our series here!
Opentable offers extensive information regarding how your data is shared. Some of these include sharing:
Opentable does well to offer a way to opt out of information sharing through your account preferences, and allows users to opt out of marketing communication through an unsubscribe link.
Opentable has a specific page tailored toward residents of the EU and UK that includes these additional rights regarding personal data:
To make a request, you can contact OpenTable.
Similar to OpenTable, Rubrik has a designated section for EU residents. Additional information is included such as:
You can request access to your data by contacting Rubrik.
The following information is collected:
Dropbox has options for users in regard to personal data as stated:
It’s important to note that the data accessible through these methods is simple account information. Personal data that is processed, shared, and used by Dropbox may have limited access for users. The discrepancy between account data and personal data isn’t always visible to users but is important in determining the privacy and transparency level of the company.
Dropbox also publishes a transparency report twice a year that informs users of the company’s requests in regard to data.
InVision has one of the most extensive privacy policies we’ve seen, and it attempts to cover all user concerns. The policy illustrates processing grounds, data transfers, data subject rights, security, and more.
Some of the uses for data processing are as stated:
InVision offers the following options with regard to personal data:
Finally, InVision has a GDPR compliance page. This page provides EU residents with greater transparency in terms of compliance with the GDPR.
Similar to Dropbox, Lever has account data accessibility for all users. However, account data accounts for only a small portion of the personal data a company collects, and non-EU residents aren’t able to access, delete, or object to the processing of their personal data. Further, this distinction highlights that many companies are attempting to comply with GDPR but aren’t as focused on increasing transparency across all users in terms of personal data.
Mixpanel also features a data processing addendum that includes information about compliance with the GDPR, terms of data processing, and the types of personal data processed. After requesting, we were able to access Mixpanel’s list of subprocessors — which is a clear indicator that the company is taking steps to be fully compliant with the GDPR.
As stated by Mixpanel, “A subprocessor is a third party data processor engaged by Mixpanel, including entities from within the Mixpanel group, who has or potentially will have access to or process Customer Content (which may contain Personal Data).”
Sumologic covers its bases in terms of information collected, privacy shield coverage, and data usage. The policy states that information is used to:
The policy is lacking in certain key areas, as it fails to address the concerns of the GDPR and other upcoming regulation. There is a section regarding access to personal data, with a contact, however, no time frame or additional information is specified for data subjects.
Intercom also offers access to the following rights for data subjects:
To take control of your personal privacy, it’s crucial to first find out what personal data companies have collected on you. Submitting access requests helps consumers take hold of their privacy. In the future, regulation may grant additional rights to citizens worldwide including data deletion and the right to be forgotten. California already has a bill set to release in early 2020, which will grant many rights to its residents in regard to their data.
For companies, privacy will continue to be a hot topic. Both in order to comply with future regulation, and to provide users with confidence, firms will have to be transparent with their data processing and use. Many policies have been changed to provide additional resources for EU residents in order to comply with the GDPR, however, companies that are looking to the future will want to provide these resources for all of their users and customers.
According to a study by Label Insight, 94% of consumers surveyed indicated that they were more likely to be loyal to a brand that offers transparency, while 73% said they were willing to pay more for a product that offers complete transparency.
By providing these rights, users will build greater trust in the business and are more likely to continue working with the company.
A Deloitte survey of 2,000 consumers in the U.S found that 91% of people consent to legal terms and services conditions without reading them. For younger people, ages 18–34 the rate is even higher with 97% agreeing to conditions before reading.
It’s evident that privacy policies and similar documents are often ignored by the average user. Unfortunately, this allows companies to have users agreeing to any terms they want, as it rarely affects a user’s decision to proceed with the product or service.
We hope you were able to learn more about your personal privacy in this two-part series and took away some key points about the data processing that companies currently employ. As privacy continues to become a greater concern, policies will need to be looked at from both a compliance and personal privacy perspective.
In the coming weeks, we will be continuing to interview Data Protection Officers, several of who were involved in writing privacy policies.
Check out the first part of our series here!
About the Author: Kyle Schryver is a Growth and Marketing Content Intern at DataGrail. He’s an eager worker, producing targeted content designed to provide actionable insights and solutions to readers. You can find him on LinkedIn and contact him at firstname.lastname@example.org.