Publication in Electronic Markets

Professor Dr. Lars Hornuf has published a new article in Electronic Markets under the title “Promise not fulfilled: FinTech, data privacy, and the GDPR.” The article emerged in collaboration with Prof. Dr. Gregor Dorfleitner and Julia Kreppmeier from the University of Regensburg.

The article analyzes how the General Data Protection Regulation (GDPR) has affected the privacy practices of FinTech firms by studying the content of 276 privacy statements respectively before and after the GDPR became binding. The authors find that the readability of the privacy statements has decreased. The texts of privacy statements have become longer and use more standardized language, resulting in worse user comprehension. This calls into question whether the GDPR has achieved its original goal — the protection of natural persons regarding the transparent processing of personal data. Furthermore, the authors link the content of the privacy statements to FinTech-specific determinants. Before the GDPR became binding, more external investors and a higher legal capital were related to a higher quantity of data processed and more transparency, but not thereafter. Finally, the authors document mimicking behavior among FinTech industry peers with regard to the data processed and transparency.