Who has ever read a privacy policy? Truthfully? They are not quite as absurd as the iTunes terms and conditions (now a graphic novel), but a paper by McDonald and Cranor estimates that if the average person read every privacy policy for every website they visited in a year, that reading time would amount to some 244 hours. In 2010, Facebook's privacy policy was longer than the US Constitution. It's this absurdity that the GDPR is attempting to tackle – privacy policies may still be long and unwieldy documents, but users must be made aware of the salient facts in an easy-to-read notice at the point of consent or data collection. Get the full story at Econsultancy Read also "GDPR a key challenge for hotels"