AI reveals potential Amazon, Facebook GDPR problems to regulators

The software said some companies' privacy policies are "potentially problematic" and use unclear language.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture | Video Games | Breaking News
Sean Keane
3 min read

Some companies' privacy policies might still be violating GDPR, AI software revealed.

Victoria Jones - PA Images

AI software reportedly uncovered suspected GDPR breaches by Alphabet, Amazon and Facebook.

The software -- created by EU Institute researchers and a consumer group -- looked at the privacy policies of 14 major technology businesses in June, the month after the EU's new data privacy laws went into effect, according to Bloomberg.

Researchers named the software "Claudette" -- short for automated clause detecter -- and Alphabet (Google's parent company), Amazon and Facebook were among the companies whose policies were under the AI microscope.

It found that a third of the clauses within the policies were "potentially problematic" or contained "insufficient information," while a further 11 percent of the policies' sentences used unclear language, the academics noted.

The software also noted that some policies failed to identify third parties that the company could share data with.

The findings didn't point out exactly which companies' policies violated GDPR, since they were aggregate findings for all those analyzed, Bloomberg noted.

Alexa 101: What you should know about Amazon's AI assistant

See all photos

Despite the software's findings, researchers admitted that the results of the automated scan "are not 100 percent accurate" since the software has only viewed a small number of policies.

Google insisted that its policy is compliant and highlighted that the updated version doesn't expand or make any changes to how it collects or processes users' information.

"We have updated our Privacy Policy in line with the requirements of the GDPR, providing more detail on our practices and describing the information that we collect and use, and the controls that users have, in clear and plain language," a company spokesperson said.

"We've also added new graphics and video explanations, structured the Policy so that users can explore it more easily, and embedded controls to allow users to access relevant privacy settings directly."

Facebook said it has worked hard to meet the GDPR requirements.

"We sought input from privacy experts and regulators across Europe as part of these preparations, including our lead regulator the Irish DPC," a spokesperson said in a statement.

"Our work to improve people's privacy didn't stop on May 25th. For example, we're building Clear History; a way for everyone to see the websites and apps that send us information when you use them, remove this information from your account, and turn off our ability to store it."

Amazon didn't immediately respond to a request for comment.

Watch this: GDPR: Here's what you need to know

The EU has been enforcing the General Data Protection Regulation since May 25 and the law requires the companies adopt greater openness about data they have on EU residents, as well as with whom they share the data.

Last week, a Norwegian Consumer Council report said Facebook, Google and Microsoft are using "dark patterns" -- special designs and user interfaces -- to trick people into sharing personal information.

Latest update at 7:32 a.m. PDT: Adds Facebook statement.

Updated at 4:24 a.m. PDT: Adds Google statement and further background on the software.

Will AI need therapy in the future? HAL's got to process some stuff, guys...

Um, hi, I'd like to, uh, make an appointment: Google opens its human-sounding Duplex AI to public testing