Privacy policies, cross-border health data and the GDPR

Research going back to 2008 has shown that a vast majority of the people never read privacy policies (AM McDonald and LF Cranor, ?The Cost of Reading Privacy Policies? (2008) 4A JLPI 543). Since then, not a lot has changed (F Schaub and others, ?Designing Effective Privacy Notices and Controls? (2017) 99 IEEE 70). Most people formally consent to privacy policies without knowing what happens to their personal data. This odd situation is called the privacy paradox: while people highly value their fundamental right to privacy, they do not act accordingly, especially when it concerns new technologies (M Taddicken, ?The ?Privacy Paradox? in the Social Web? (2013) 19 JCMC 248). Since more and more people use apps on their mobile phones and wearables to measure their health, it is important to do research in this area. Nowadays, privacy is a popular news item; this might be why more and more companies use privacy both in their business models and as a marketing tool. This raises the question whether people really give ?informed consent? to privacy policies, as they seem to rely on marketing statements rather than reading the actual privacy policies themselves.