Understanding Data Practices in Private Corporations : Analysis of Privacy Policies, Cookies Statements and “Dark Patterns”

Abstract: Introduction: We analyse the privacy policies of 15 private corporations to understand if the data handling practices – data collection, storage, and sharing –described in the policies are ethical or unethical. The data we leave behind when we use the Internet are crucial for corporations. The data provides valuable insights into our lives, thus helping corporations improve targeted marketing campaigns and increase their revenue. Method: Extensive literature review of peer-reviewed articles, written between1993 and 2021, to examine how theoretical perspectives and empirical findings evolved over time; combined with empirical research to analyse the privacy policies and “dark patterns” of 15 companies. The companies were chosen at random and belong to different sectors to give a broader understanding of the current privacy and data handling practices. Analysis: Discourse analysis of the privacy policies to evaluate the type of language used, if it is clear, easy to understand, and if the policy informs users about how their data are collected, shared, and stored. But also, a visual analysis to understand if the company is implementing “dark patterns”. Results: The results indicate that most privacy policies use misleading terms, are not fully transparent about the company’s data handling practices, and often implement “dark patterns” to try to influence the users’ decisions. Conclusion: Most companies have privacy policies available on their websites due to a clear influence from the GDPR legislation, however, there appears to be a conflicting relationship between wanting to comply with the GDPR and wanting to gather as much information as possible.