Promise not Fulfilled: FinTech Data Privacy, and the GDPR
Lars Hornuf and
No 9359, CESifo Working Paper Series from CESifo
This article analyzes how the General Data Protection Regulation (GDPR) has affected the privacy practices of FinTech firms. We study the content of 308 privacy statements respectively before and after the GDPR became binding. Using textual analysis methods, we find that the readability of the privacy statements has decreased. The texts of privacy statements have become longer and use more standardized language, resulting in worse user comprehension. This calls into question whether the GDPR has achieved its original goal—the protection of natural persons regarding the processing of personal data. We also analyze the content of privacy statements and link it to company- and industry-specific determinants. Before the GDPR became binding, more external investors and a higher legal capital were related to a higher quantity of data processed and more transparency, but not thereafter. Finally, we document mimicking behavior among industry peers with regard to the data processed and transparency.
Keywords: data privacy; FinTech; General Data Protection Regulation; privacy statement; textual analysis; financial technology (search for similar items in EconPapers)
JEL-codes: K20 L81 (search for similar items in EconPapers)
New Economics Papers: this item is included in nep-big, nep-cwa, nep-law, nep-pay and nep-reg
References: View references in EconPapers View complete reference list from CitEc
Citations: Track citations by RSS feed
Downloads: (external link)
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
Persistent link: https://EconPapers.repec.org/RePEc:ces:ceswps:_9359
Access Statistics for this paper
More papers in CESifo Working Paper Series from CESifo Contact information at EDIRC.
Bibliographic data for series maintained by Klaus Wohlrabe ().