It seems to me that the whole privacy notice thing is another version of the "bury them in discovery" tactic that lawyers use. Only a lawyer can read and understand all of these policies.
What we need are privacy notices that describe in plain language how a company's policy deviates from some standard privacy policy that we do take the time to understand.
If I were renting a car, I'd need to know how its operation is different from other cars. I don't need to read about how to do everything.
> What we need are privacy notices that describe in plain language how a company's policy deviates from some standard privacy policy that we do take the time to understand.
And that’s exactly one point the GDPR asks for:
(39) ... The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used. ...
What we need are privacy notices that describe in plain language how a company's policy deviates from some standard privacy policy that we do take the time to understand.
If I were renting a car, I'd need to know how its operation is different from other cars. I don't need to read about how to do everything.