Promise not fulfilled: FinTech, data privacy, and the GDPR

Publikation: Beitrag in FachzeitschriftForschungsartikelBeigetragenBegutachtung

Beitragende

Abstract

This article analyzes how the General Data Protection Regulation (GDPR) has affected the privacy practices of FinTech firms. We study the content of 276 privacy statements respectively before and after the GDPR became binding. Using text analysis methods, we find that the readability of the privacy statements has decreased. The texts of privacy statements have become longer and use more standardized language, resulting in worse user comprehension. This calls into question whether the GDPR has achieved its original goal—the protection of natural persons regarding the transparent processing of personal data. We also link the content of the privacy statements to FinTech-specific determinants. Before the GDPR became binding, more external investors and a higher legal capital were related to a higher quantity of data processed and more transparency, but not thereafter. Finally, we document mimicking behavior among FinTech industry peers with regard to the data processed and transparency.

Details

OriginalspracheEnglisch
Aufsatznummer33
Fachzeitschrift Electronic Markets: The International Journal on Networked Business
Jahrgang33
Ausgabenummer1
PublikationsstatusVeröffentlicht - Dez. 2023
Peer-Review-StatusJa

Externe IDs

dblp journals/electronicmarkets/DorfleitnerHK23
unpaywall 10.1007/s12525-023-00622-x
ORCID /0000-0002-0576-7759/work/142239319
Scopus 85161979480
WOS 001032868100001
Mendeley 76e778ca-b9e7-3d8e-8ef3-26b41e548d30

Schlagworte

Forschungsprofillinien der TU Dresden

Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis

Schlagwörter

  • Data privacy, FinTech, Financial technology, General Data Protection Regulation, Privacy statement, Textual analysis

Bibliotheksschlagworte