Template-Type: ReDIF-Paper 1.0
Title: Regulatory Compliance with Limited Enforceability: Evidence from Privacy Policies
Author-Name: Bernhard Ganglmair
Author-Email: b.ganglmair@gmail.com
Author-Name: Julia Krämer
Author-Email: j.k.kramer@law.eur.nl
Author-Name: Jacopo Gambato
Author-Email: ja.gambato@gmail.com

Classification-JEL: D22; K20; L51
Keywords: data protection, GDPR, information disclosure, privacy policies, regulation, text-asdata,
transparency

Abstract: We study how asymmetric enforceability of regulatory rules affects firms’ compliance
using a simple inspection model and a large sample of German privacy policies. We exploit
the introduction of the General Data Protection Regulation, compelling firms to disclose,
in accessible language, details of their data use. The specifics of disclosure are objective,
whereas readability is subjective and difficult to enforce. We show that firms increased
disclosure, but the policy readability did not improve. In line with theory, firms anticipating
regulatory scrutiny and those facing higher-budget data protection authorities demonstrated
a stronger response in readability compliance without sizeable effects on disclosure.

Note: 
Length: 69
Creation-Date: 2024-05
Revision-Date: 2024-09
File-URL: https://www.crctr224.de/research/discussion-papers/archive/dp547
File-Format: application/pdf
Handle: RePEc:bon:boncrc:CRCTR224_2024_547v2