However, the “less is more” principle, is not always the case. Shortened forms of Privacy Policies from companies conducting complex data processing procedures, inevitably leave out important details and simplify technology information. This over-simplification results in reduced transparency and accountability, as well as concealing of the “full story” of practices. In addition, short Privacy Policies are less likely to click all the boxes of the GDPR’s minimum requirements of information provided to data subjects, and other self-regulatory or voluntary standards that have to be met. Another point to be considered is that, although policies are usually addressed to customers, they remain legal binding terms of offering a service for the companies, applying in cases of audits from competent Authorities and regulators, as well as litigation cases.
The editorial team