Some of the world's largest technologycompanies might be breaking the European Union's new data privacylaw, according to an analysis of their policies conducted byartificial intelligence (AI) software.Researchers from the EuropeanUnion Institute in Florence worked with an EU consumer organizationto create the software. They then used the program to examine theprivacy policies of 14 major technology businesses, includingAlphabet Inc., Amazon.com Inc., and Facebook Inc. They found that athird of those clauses were “potentially problematic” or contained“insufficient information.” Another 11 percent of the policy'ssentences used unclear language, the academics said.The researchersdidn't make public which companies' policies violated whichprovisions of the law, publishing only aggregate findings for allof the companies in the study.Clear and comprehensive explanationsof what data a company collects, how it uses the data, and who itshares the information with are key requirements of Europe's newGeneral Data Protection Regulation (GDPR), asweeping privacy law that took effect on May 25. In many cases,companies must get explicit consent from customers to hold andprocess their data. Companies that violate the new rule can facefines as high as 4 percent of global sales.Among the problems foundby the AI software—which is called “Claudette”—were policies thatdid not identify third parties a company might share personal datawith, policies that stated users would be deemed to have agreed toa plan simply by using the company's website, and others that usedvague and confusing language.Monique Goyens, director general ofBEUC, the Brussels-based European consumer organization, said theresearch was “very concerning” and urged EU regulators to look atthe possible violations the researchers spotted. “Many privacypolicies may not meet the standard of the law,” she said in astatement.The software uses natural language processing—a subfieldof machine learning aimed at understanding language—to compare thewording of companies' policy documents to model policy clauses thathave been developed by an EU body that represents all of the bloc'snational data protection authorities.“AI can be used to keepcompanies in check and ensure people's rights are respected,”Goyens said, adding that such software would make it easier for EUdata privacy regulators to monitor the vast number of businessesthey are now responsible for policing and to start legal actionagainst those who break the law.A spokesperson from Alphabet'sGoogle said the firm has updated its privacy policy and uses clearand plain language. An Amazon spokesperson said its policies arecompliant with GDPR, and that users of its Alexa service are incontrol of their data.Facebook said in a statement that it has“worked hard” to comply with GDPR, taking steps that includedclarifying its privacy policies and making settings easier to use.The company said it had sought advice from experts and governmentofficials, including the Irish Data Protection Commission, which isthe company's primary regulator in Europe.The researchers said theychose companies including social media giants and gaming platformsbecause they are dominant in the dominant technology platforms inEurope. They “should be setting a good example for the market tofollow,” the academics said in a statement.The study was conductedin June, a month after GDPR took effect. The researchers noted thatto prepare for GDPR many companies asked consumers to agree toupdate privacy policies. “Users were faced with a tsunami of updatepolicies and new consent requests,” the researchers said. “It isvery hard for them to assess whether their rights are beingrespected.”

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.