Privacy Statements in China, Germany, and the United States

Hornuf, Lars; Mangold, Sonja; Yang, Yayun

doi:10.1007/978-3-031-32064-4_4

Part of the book series: Advanced Studies in Diginomics and Digitalization ((ASDD))

1114 Accesses

Abstract

This chapter investigates how crowdsourcing platforms handle matters of data protection and analyzes information from 416 privacy statements. We find that German platforms mostly base their data processing solely on the GDPR, while U.S. platforms refer to numerous international, European, and state-level legal sources on data protection. The Chinese crowdsourcing platforms are usually not open to foreigners and do not refer to the GDPR. The privacy statements provide evidence that some U.S. platforms are specific in the sense that they explicitly state which data are not processed. When we compare the privacy practices of crowdsourcing platforms with the German fintech sector, it is noticeable that pseudonymization and anonymization are, at least in Germany, used much more frequently on crowdsourcing platforms. Most privacy statements did not exhaustively clarify what personal data are shared, even though they mentioned the sharing of data with third parties.

You have full access to this open access chapter, Download chapter PDF

4.1 Processing of Data

This sub chapter investigates how crowdsourcing platforms de facto handle matters of data protection. The primary sources of information regarding data protection practices are the respective privacy statements of the platform companies. Our empirical method of analysis is largely based on Dorfleitner and Hornuf (2019). Most importantly, we categorize the data that is actually mentioned in the privacy statements and not that which would be theoretically or legally conceivable. Our examination addresses the following research questions: Which user data is collected? And how is the data processed? For each data category, we study the differences between China, Germany, and the U.S. and relate them to the respective legal system. In line with the classification of Boudreau and Lakhani (2013), we also examine differences between crowd complementor, crowd labor market, collaborative community, and crowd contest platforms. Finally, for the German market, we investigate differences in the processing of data between crowdsourcing platforms and another innovative, technology driven industry: the fintech sector. This comparison allows us to work out the industry-specific characteristics of crowdsourcing.

In a first step, we identified the crowdsourcing platforms that are active in the respective country. We started the search for crowdsourcing platforms through intensive internet research. To qualify for inclusion in our analysis, the crowd labor market and crowd contest platforms had to mediate tasks for which virtually anyone could apply. In the case of crowd complementors, the platforms had to present a task such as a software program to whose improvement everyone could in principle contribute. Finally, on collaborative community platforms, users could offer their products to the public, for example photos or apps, and others must pay for use. We did not consider traditional recruitment websites such as Monster.com or Indeed.com in our analysis, because they do not correspond to the definition of crowdsourcing. Crowdsourcing platforms differ from traditional job portals in that they have a greater influence on the handling of work and business processes, for example, by pre-selecting and rating the crowdworkers and crowdsourcers. Moreover, crowdworkers in our sample have frequently been self-employed and not employees. The platform often only acts as a mediator between the crowdworker and crowdsourcer. Crowdworkers can theoretically be employed by the crowdsourcer, but those in our sample have most often been self-employed. To qualify for inclusion in our sample, crowdworkers must also be paid by the crowdsourcer. Thus, we did not consider platforms where users posted ideas, opinions, evaluations, or solutions without any remuneration. Finally, to qualify for inclusion, the tasks on the platform have to be done online; that is, gig work platforms such as Uber Eats in the U.S. or Gorillas in Germany did not qualify for inclusion. In case the platform offered hybrid tasks that could be completed online and offline, we still considered these platforms in our sample.

For China, our main source for identifying crowdsourcing platforms is a list of such platforms from the 2010 China Witkey Industry White Paper, platforms referenced in academic literature, platforms covered by media such as China Central Television (CCTV), platforms mentioned on such websites as Baidu Zhidao or Zhihu, and platforms found through a systematic Baidu and Google search. We checked the platforms to ensure that only those that fit the definition of crowdsourcing in this book are included in our sample. For Germany, we extensively relied on the list by Mrass and Leimeister (2018), which was gathered as part of the project Innovations for Tomorrow’s Production, Services, and Work and was supported by the German Federal Ministry of Education and Research. The crowdsourcing platform list for Germany was appended by other sources such as Crunchbase. The current status of platforms was updated, for example, if platforms had in the meantime merged and only the surviving platform was taken into account. For the U.S., we mostly relied on Crunchbase to compile a crowdsourcing platform list, but also considered other sources, for example, platforms that have been cited in the literature. For all countries, we also conducted a systematic Google search to identify crowdsourcing platforms.

As Fig. 4.1 shows, we have identified 145 crowdsourcing platforms for China that fall under the definition of crowdsourcing outlined above. Of these companies, 22 had no website and thus no privacy statement available. Another 22 had a website; however, despite an extensive search on the website, we could not find any privacy statement online. We have identified 47 crowdsourcing platforms in Germany and all of these platform companies had a website and privacy statement. For the U.S., we have identified 293 crowdsourcing platforms, of which 20 had a website but, despite an extensive search on the respective website, we could not find any privacy statement online. Another five of these platform companies had no website and thus no privacy statement available. In sum, we have identified 416 privacy statements that we can use for our empirical analysis. A list of all crowdsourcing platforms in our data sample is included in the Appendix.

The privacy statements in the three countries varied in their size and sophistication. On average, the privacy statements from China had 7171 words (standard deviation 5183 words). The shortest Chinese privacy statement had only 393 words and the longest 22,371 words. Assuming a reading speed of 250 words per minute (McDonald & Cranor, 2009), it took almost half an hour to read an average privacy statement from China. The average privacy statement from Germany had 4284 words (standard deviation 2836 words). The shortest privacy statement had only 891 words and the longest 13,699 words. Thus, the average reading time for a privacy statement from a German crowdsourcing platform was 16 minutes and thus almost as long as a privacy statement from a German fintech platform (Dorfleitner & Hornuf, 2019, p. 54). The reason for this similarity might be the development towards more standardization and boilerplate language in privacy statements as a result of the GDPR (Dorfleitner et al., 2023). Finally, the privacy statements from the U.S. were the shortest and had on average 2831 words (standard deviation 2485 words). The shortest privacy statement had only 30 words and the longest 16,065 words.

A bar graph indicates the number of companies which has no website, no privacy statement, and privacy information. The values for China are 22, 22, and 101. Germany 0, 0, and 47. U S A 5, 20, and 268. — **Fig. 4.1**

In line with the definition by Boudreau and Lakhani (2013) and the exclusion criteria outlined above, we have classified the crowdsourcing platforms into crowd complementors, crowd labor markets, collaborative communities, and crowd contest platforms. Crowdtesting refers to the testing of products and especially software by a group of testers over the internet and is assigned to crowd labor markets. As Fig. 4.2 shows, crowd labor markets are an important segment in all three countries, although crowd contests are even more important in China. In Germany and the U.S., crowd labor markets are the most important segment. Note that some platforms offer services that fall under several segments, hence the shares of the four segments do not add up to 100%. This overlap occurs most frequently in China, where platforms often operate services that are based solely on smart phone applications rather than websites, while in Germany and the U.S. websites are also common formats.

A bar graph presents the percentage of labor markets, contests, complementors, and collaborative communities in China, Germany, and U S A. The highest values are for labor markets in Germany and U S A. Contests records the highest values in China. — **Fig. 4.2**

Even though companies are not required by law to have a privacy statement, they often comply with the requirement to inform their users (Art. 13–15 GDPR) by publishing such statements about the personal data they process. ^{Footnote 1} As Fig. 4.3 shows, informing users about the personal data processed can take place in one of two ways: either the platform publishes a separate privacy statement that only contains information about how data is processed or the platform integrates information about the processing of user data into the general terms and conditions. We find that all German platforms made a separate privacy statement available to their users, while about half of the platforms integrated further information in the terms and conditions. The U.S. platforms behave very similarly. An absolute majority publish a separate privacy statement and 79% publish further information about privacy in the terms and conditions. For China, we observe the opposite picture. The majority of platforms integrate information about the processing of personal data in the terms and conditions, while only 28% publish a separate privacy statement. This result is most likely due to the fact that foreign users only rarely use Chinese platforms, which makes the GDPR barely applicable to Chinese platforms. By contrast, U.S. platforms might fall under the scope of the GDPR and the requirement to inform their users if European crowdworkers are active on their platform. Furthermore, China only recently passed the Chinese Personal Information Protection Law in 2021, which could indicate that the need for a separate and more sophisticated privacy statement did not previously exist on the platforms. Finally, the texts of Chinese privacy statements have been on average longer, which indicates that China simply took a different approach in informing their platform users by integrating the information into a single document, the terms and conditions.

When comparing the privacy practices of separate and integrated privacy statements across platform types, we do not find significant differences between crowd labor markets, crowd complementors, and collaborative communities. As Fig. 4.4 shows, crowd contest platforms seem to integrate the privacy information more often into the general terms and conditions.

A bar graph depicts the percentage of separate privacy statements, and Integrated terms and conditions. 90% and 28% in China. 49% and 100% in Germany. 79% and 97% in the US. — **Fig. 4.3**

A bar graph depicts the percentage of separate privacy statements, and Integrated in terms and conditions, for labor markets, contests, complementors, and collaborative communities. The maximum values are in collaborative communities with 91 and 75 percent. — **Fig. 4.4**

Many platforms explicitly stated that the processing of personal data is based on a specific legislation. Very few pieces of legislation are mentioned in the privacy statements of German platforms. As Fig. 4.5 shows, 94% German platforms refer to the GDPR and to a much lesser extent also to the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the Telemedia Act (Telemediengesetz, TMG). The Federal Data Protection Act supplements and clarifies the GDPR, especially with regard to the processing of employee data, video surveillance, and the appointment of data protection officers and supervisory authorities. The Telemedia Act regulates the legal framework for services deemed telemedia in Germany, which include web shops, search engines, web mail services, information services, podcasts, and dating communities. Alongside the GDPR, the Telemedia Act is one of the central regulations in German internet law. When we compare the platforms that explicitly state that the processing of personal data is based on a different legislation than German law with a slightly older sample of the fintech industry, we find that references to the GDPR are now made much more frequently and references to specific foreign laws are no longer made.

Given that the Chinese Personal Information Protection Law (PIPL) was only passed in 2021 after our data collection ended, none of the Chinese platforms in our sample referred to the new law. Nevertheless, every tenth platform referred to the Regulation on Protecting the Safety of Computer Information Systems, which came into effect in 2011 and aims to promote the application and development of computers. Overall, 4% of the Chinese platforms refer to the Decision on Preserving Computer Network Security, which prohibits, among other things, the displaying of any online content that has not been approved by the government (Lee & Liu, 2012). Only 1% of the Chinese platforms refer to the Cybersecurity Law that came into effect in 2017 and for the first time comprehensively regulates data security in cyberspace in China. Chinese platforms do not refer to the GDPR. In general, the legal instruments mentioned in the privacy statements of Chinese platforms are more related to data security than to data privacy. In addition, some important and applicable legal sources related to the protection of personal data are not mentioned at all in privacy statements; for example, the General Provisions of Civil Law, or the Decision on Strengthening Information Protection on Networks. However, with the PIPL, the Data Security Law, and the Civil Code which came into effect in 2021, we expect Chinese platforms to update their privacy statements and also mention these new laws.

U.S. platforms refer to 22 different types of regulation. Most often, crowdsourcing platforms simply refer to the applicable law or U.S. law (each 31%). Second most important is the state law of California (28%), which is followed by the European GDPR (19%). In general, the types of regulation U.S. platforms refer to can be categorized into four types: (1) national law, (2) international law, (3) foreign law, and (4) state law. With regard to national law, besides mentioning U.S. law, platforms also mention the regulations of the Federal Trade Commission; however, such cases are rare. When mentioning international law, U.S. platforms often refer to the GDPR or EU law, the EU–US Privacy Shield, and OECD regulations. The EU–US Privacy Shield was negotiated by the U.S. Department of Commerce and the European Commission from 2015 to 2016 to provide companies with a mechanism for compliance with data protection requirements when transferring personal data. It consisted of a number of assurances from the U.S. federal government and an adequacy decision by the European Commission, but has been struck down by the Court of Justice of the European Union in 2020 (see Sect. 3.3 above for more details). As for foreign law, the U.S. privacy statements cite UK/British law, Canadian law, Australian law, Irish law, and German law. Finally, state laws explicitly mentioned are the California Consumer Privacy Act, followed by the State Law of California and the State Law of Nevada. Other state laws mentioned are those of New York, Texas, North Carolina, Vermont and Washington.

Overall, it appears that the aforementioned rights primarily reflect the international and federal nature of the U.S. and the predominant position of the GDPR in Germany. Data protection has only recently become more important in China and will continue to do so with the Chinese Personal Information Protection Law of 2021. The fact that foreign laws are not mentioned in Chinese privacy statements is again reflective of the fact that Chinese services are virtually still closed to foreigners.

A horizontal bar graph represents the percentage of different laws applicable in U S A, Germany, and China. G D P R is a maximum of 94 % in Germany and a minimum of 19% in U S A. — **Fig. 4.5**

As Fig. 4.6 shows, almost all crowdsourcing platforms state that they process personal data and no platform company explicitly mentioned in its privacy statement that it was not processing personal data. This pattern is identical for all three countries and four platform types. However, the majority of crowdsourcing platforms did not exhaustively list the types of personal data that were processed. In China and the U.S. respectively, 8% and 7% of the platforms provided an exhaustive list of the types of data being processed. None of the German platforms provided such an exhaustive list. The remaining platforms either provided examples of the data being processed or simply mentioned that personal data is processed by the platform. The fact that few platforms provide an exhaustive list of the personal data processed is in line with earlier findings for the German fintech industry (Dorfleitner & Hornuf, 2019) and most likely results from the fact that the GDPR led to more standardized and boilerplate privacy statements, which no longer address the specific privacy practices of a platform (Dorfleitner et al., 2023). Another reason why platform companies do not provide an exhaustive list of processed data is probably that the privacy statement has to be updated with each new cooperation with a third party, which leads to high transaction costs.

A bar graph denotes the percentage of yes, no information in the privacy statement, and exhaustive, for China, Germany, and U S A. Majority of responses are Yes from China, Germany and U S A while no information in the privacy statement records the lowest responses. — **Fig. 4.6**

Crowdsourcing platforms are specific in their matching of crowdworkers with crowdsourcers. As Fig. 4.7 shows, especially German (55%), but also U.S. platforms (34%), make an explicit distinction between data processed from crowdworkers and data from other user groups, such as crowdsourcers, clients, and visitors to the website. Only 5% of the Chinese platforms make such a distinction. This result is most likely due to the fact that there is no data protection law specifically related to crowdworkers, or the existing provisions in the field of personal data protection do not refer to crowdworkers. When analyzing whether particular types of crowdsourcing platforms differentiate between the processing of data from crowdworkers and other user groups, we find little difference. As Fig. 4.8 shows, at the extreme, collaborative communities differentiate in 30% of the privacy statements between different user groups, while crowd contests do so in 22% of the privacy statements.

A bar graph indicates the percentage of yes, and no information in the privacy statement, for China, Germany, and U S A. No information in the privacy statement records the maximum values in China at 95% and U S A at 66%. — **Fig. 4.7**

A bar graph displays the percentage of yes and no information in the privacy statement for labour markets at 30% and 70%, contests at 22% and 78%, complementors at 27% and 62%, and Collaborative Communities at 30% and 70%. — **Fig. 4.8**

A bar graph presents the percentage of yes, and no information in the privacy statement, for China, Germany, and U S A. Majority of the responses are Yes with 98% for China, Germany, and U S A. — **Fig. 4.9**

In the following analysis, we investigate the specifically listed types of data the crowdsourcing platforms process according to their privacy statement. As Fig. 4.9 shows, we find that most platforms specifically report which personal data are processed, even though the lists are seldom exhaustive. In a minority of cases (1–2%), it is not clear at all from the privacy statement which personal data is processed. In a more detailed analysis, as reported in Fig. 4.10, we find that most privacy statements list data such as the e-mail address (88%), name (82%), address (72%), phone number (68%), password (63%), and the IP address (62%). This is followed by bank account details (60%), gender (45%), date of birth (40%), passport and identity card data (36%), occupation and employment information (24%), and GPS and location data (23%). In less than 20% of the privacy statements, further data such as language, family status, or information on insurance were explicitly mentioned.

When comparing the three countries with regard to specific types of data processed, some differences become evident. Chinese privacy statements mention the processing of the email address, bank account details, and the IP address less often, but very frequently refer to the processing of passwords. According to the German privacy statements, the processing of passwords takes place comparatively less often (38%), but the processing of the IP address significantly more often (91%). Interestingly, and as Fig. 4.11 shows, some U.S. statements report which type of personal data is not processed. Explicitly mentioned were GPS and location data, information about graduation, qualifications, occupation and employment, and passport and ID card data, which reflects that some platforms want to stand out positively from their competitors. For example, the platform Shutterstock emphasizes in its privacy statement that no location-based information is collected from users. The company also advertises that it has the TRUSTe privacy seal. Another reason for specifying which data is not processed is the strict California data privacy law. For example, the platform Ebates mentions in its privacy statement that information such as professional information or education information is generally not collected from California residents, in accordance with California law.

When comparing the listed types of data processed by crowdsourcing platforms across different platform categories, we find that crowd contest platforms report processing IP addresses significantly less often (38%), while they tend to process passport and identity card data more often (49%) relative to the other crowdsourcing platforms. As Fig. 4.12 shows, beside these data types, we do not observe particular differences across platform types. When comparing the listed types of data processed within the German fintech sector, we observe that, for example, bank account details (only 23% in the fintech sector), IP address (only 13% in the fintech sector), and password (only 7% in the fintech sector) are mentioned significantly more often by crowdsourcing platforms (Dorfleitner & Hornuf, 2019, p. 20).

A horizontal bar graph plots the percentage of personal data types processed such as e-mail address, name, address, phone number, password, IP address, gender, and others in Germany, China, and U S A. The highest data are processed for Email addresses in Germany. — **Fig. 4.10**

A horizontal bar graph of personal data types not processed according to the privacy statement. The values are G P S data 2, graduation 1, occupation 1, passport and identity card data 1, and Bank data 1. — **Fig. 4.11**

In addition to personal data, the GDPR defined in Art. 9 special categories of personal data, stating that “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.” According to the privacy statements even of German crowdsourcing platforms, some of these data are nevertheless processed. After the GDPR became binding, processing of this data is only permitted by law in exceptional cases. This is the case, for example, if users have expressly consented to the processing of sensitive data for specific purposes or if the platform company processes data in compliance with its labor and social law obligations (Art. 9 (2) GDPR).

As Fig. 4.13 shows, Chinese crowdsourcing platforms frequently process data about nationality and citizenship (67%), while Germany (9%) and the U.S. (8%) do so much less frequently. All three countries are rather similar in the processing of pictures and biometric data, with China processing user pictures the least. However, the U.S. more frequently processes conversation recording data (24%) than the other two countries. In particular U.S. platforms (11%) report to process health-related data, while respectively only 2% of Chinese and German platforms mention in their privacy statements the processing of such data. Platforms from Germany and the U.S., however, note that they would also process genetic data (2% and 5%, respectively). Especially U.S. crowdsourcing platforms further indicate the processing of data related to sexual orientation (8%), political views (7%), religious affiliation (7%), trade union membership (6%), as well as signature, writing sample, and fingerprint data (3%).

Again, and as Fig. 4.14 shows, U.S. platforms explicitly mention which data is not processed by the platforms. Most frequently the privacy statements mention biometric data (N = 9), followed by health-related data, genetic data, sexual orientation, political orientation, religious confession, trade union membership (all N = 7), and nationality and citizenship (N = 1). Thus, while the U.S. platforms are again explicit in stating which data is not processed, they also mention a much larger variety of special categories of personal data that is processed. Chinese crowdsourcing platforms stand out for their processing of nationality and citizenship.

A horizontal bar graph plots the percentage of personal data types processed like e-mail address, name, address, phone number, IP address, and others for labor markets, contests, complimentors, and collaborative communities. The highest data are processed for email addresses for all groups. — **Fig. 4.12**

A horizontal bar graph presents the percentage of data for citizenship, user picture, conversation recording, biometric data, health-related data, genetic data, sexual orientation, political orientation, and so on in U S A, China, and Germany. Nationality in China records the maximum percentage of 67. — **Fig. 4.13**

A horizontal bar graph represents special categories of personal data with the values such as, citizenship 1, trade union membership 7, religious confession 7, political orientation 7, sexual orientation 7, genetic data 7, health-related data 7, and biometric data 9 which is highest. — **Fig. 4.14**

According to the GDPR, an enterprise is “a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.” Company data are not personal data and therefore are not subject to the GDPR. However, crowdsourcing platforms process various data related to particular companies and their employees. Moreover, a closer look revealed that some platforms in all three countries collect company information from crowdworkers as solo-self-employed (Solo-Selbstständige). As Fig. 4.15 shows, crowdsourcing platforms most often process data related to the company name (41%), e-mail address (23%), phone number (21%), and address (20%). All of these data types are most frequently processed by Chinese platforms and least frequently processed by U.S. platforms. The position of a person in the company and the name of a contact person are on average processed according to 4% of the privacy statements, most frequently by German crowdsourcing platforms. When we compare the processing of this data type, it is evident that this is reported more often by crowdsourcing platforms than by fintech companies in Germany. Only 10% of the privacy statements in the fintech sector reported processing the company name (Dorfleitner & Hornuf, 2019, p. 27).

Because the processing of the IP address was mentioned significantly more often than in the earlier fintech sample of Dorfleitner and Hornuf (2019), we investigate the context in which the IP addresses of the users are processed. As Fig. 4.16 shows, it is predominantly the privacy statements of German crowdsourcing platforms that provide reasons for the processing of the IP address. This finding might result from the fact that the European Court of Justice clarified in its Breyer judgment (C-582/14) that IP addresses are considered data that could be related to individuals and thus are personal data that fall under the scope of the GDPR (see Sect. 3.1 above for details). Similar to the German fintech sector, the German crowdsourcing platforms process the IP address mostly to be able to use web tracking services (62%), social plug-ins (49%), and cookies (45%), to send personalized newsletters (32%), to allow for comments or blog functions of the platform (15%), and to integrate third party content (21%), such as videos, maps, RSS feeds and graphics. If Chinese and U.S. platforms mention a reason for the processing of the IP address, they often name other reasons or refer generally to the storage of data. Often, crowdsourcing platforms argued that processing IP addresses is important for “the security of the company” or “the interest of the user,” or mentioned the necessity to share data with law enforcement. Most Chinese and U.S. privacy statements did not specify any reasons for processing IP addresses.

A horizontal bar graph displays the percentage of company-related data types processed like e-mail address, name, address, phone number, password, IP address, and others, in Germany, China, and the United States. China has the highest percentages in all data, while the United States has the lowest. — **Fig. 4.15**

A bar graph illustrates the percentage of respondents who said yes and no to the privacy statement, with China, Germany, and the United States having the highest number of respondents who answered yes. — **Fig. 4.17**

A bar graph represents the percentage of yes, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities has the most respondents who said yes. — **Fig. 4.18**

Most of the privacy statements not only stated a reason for storing the IP addresses but also mentioned reasons for processing personal data. Figures 4.17 and 4.18 show that in most privacy statements across all three countries and four crowdsourcing platform categories, a reason was given for the processing of personal data. A mere 1% of the Chinese and 2% of the U.S. platforms did not provide a reason for the processing of personal data; all German platforms mentioned the reason for processing personal data. With respect to the crowdsourcing platform categories, we find that in the case of crowd complementors, a reason for the processing of personal data was given in every privacy statement; however, 9% of the crowd contest platforms did not explicitly mention the reason for processing personal data.

Fig. 4.19

Which reason is given for processing personal data? Distinction by crowdsourcing segment. Number of evaluated privacy statements N = 416

Full size image

Very similar to the German fintech sector, privacy statements from all three countries and four crowdsourcing segments stated that the processing of data is vital for contractual purposes and the service delivery for users (94%). This could include the simple contacting of users. The second most common reason for the processing of personal data was for marketing, self-promotion, third-party advertising, and the sending of newsletters (74%). Of somewhat less importance was customer security and the fulfillment of legal provisions (49%), as well as the creation of user profiles to improve offers (44%). Figures 4.19 and 4.20 provide an overview of the mentioned reasons for the collection of personal data.

A horizontal bar graph presents the percentage of different reasons for processing personal data, In U S A, China, and Germany. Germany has the highest proportion for all reasons. — **Fig. 4.20**

According to Art. 15 Sec. 1 GDPR, users have the right to obtain information about the planned period for which their personal data will be stored or, at least, the criteria used to determine that period. Platforms even have an active obligation to provide information regarding the storage period, or at least the criteria that determine the storage period (Art. 13 para. 2 (a), Art. 14 para. 2 (a) GDPR). As Fig. 4.21 shows, with a share of 49% and 60% respectively, around half of the Chinese and German crowdsourcing platforms stated how long they will store users’ personal data. For China, this outcome is likely to be influenced by the provisions of relevant laws, such as the Cybersecurity Law or the E-Commerce Law, which require certain data such as log files to be stored for a certain period of time. At the same time, the privacy statements that mention the limited duration of storage periods seem to voluntarily comply with the 2017 version of the Information Security Technology-Personal Information Security Specification as a non-mandatory national standard. The results are more damning for U.S. platforms, which reported in only 10% of the privacy statements how long data are stored or when data are deleted. If we analyze the four crowdsourcing platform categories, crowd contests seem a bit more exemplary, given that 38% report how long they will store users’ personal data, which is almost twice as long as any of the other three platform categories (Fig. 4.22). A comparison with the German fintech sector (Dorfleitner & Hornuf, 2019, p. 69) reveals that Chinese and German crowdsourcing platforms report with similar frequency how long data are stored or when data are deleted; however, the U.S. is not a role model in this regard.

A bar graph depicts the percentage of yes, and no information in the privacy statement, in China, Germany, and U S A. No information in the privacy statement has the highest percentage in U S A and China. — **Fig. 4.21**

A bar graph exhibits the percentage of yes, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities. No information in the privacy statement has the maximum percentage values among all. — **Fig. 4.22**

4.2 Processing of Data by Third Parties

This sub chapter addresses three research questions: In which form is data processed and potentially forwarded? To whom is this data forwarded? And, if applicable, which third parties provide further information to the platform companies? We again investigate each research question for China, Germany, and the U.S. We also examine differences between different types of crowdsourcing platforms. Finally, we again investigate differences in the processing of data between crowdsourcing platforms and the fintech sector in Germany.

Art. 4 (9) GDPR defines the recipient of data as a “natural or legal person, public authority, agency or another body, to which the personal data are disclosed.” Recipients include “third parties” in the narrow legal sense and other possible recipients of data such as data processors that act on behalf of the platform. The business model of some crowdsourcing platforms makes it necessary to share user data with other parties. For example, the crowdworker’s name and bank data must be transmitted to a payment service provider so that crowdworkers can be paid. In order to make the data transmission secure, the data not only has to be encrypted, but should also be pseudonymized or anonymized. Pseudonymization removes the immediate identification of a crowdworker while the data is processed. If, for example, a pseudonymized user name can be matched with the real name of the crowdworker later on, the data keep the reference to the crowdworker. If merging of further information does not result in a clear association between the data and a natural person, the data are anonymized. Before investigating the processing of user data by third parties and other recipients more thoroughly, we first analyzed the privacy statements of the crowdsourcing platforms regarding whether they pseudonymize or anonymize the data of their users when processing it. As mentioned above, anonymization and pseudonymization are important tools for companies to implement privacy by design.

In general, the mentioning of pseudonymization or anonymization is rare in all three countries and all four crowdsourcing categories. As Fig. 4.23 shows, in the U.S. only 10% of the privacy statements included a respective note regarding pseudonymization and/or anonymization; in China only 18% mentioned the anonymization of user data, while de-identification—the Chinese equivalent for pseudonymization—was explicitly referred to in only 8% of the privacy statements. The pioneer with respect to pseudonymization or anonymization appears to be Germany, where almost every third privacy statement mentioned either of the two privacy practices or both. In comparison with the other three crowdsourcing categories, platforms operating collaborative communities make slightly greater effort to protect data privacy through pseudonymization or anonymization. Overall, 23% of these platforms mentioned either of the two privacy practices or both, as Fig. 4.24 shows.

When we compare these practices with the German fintech sector, it is noticeable that pseudonymization and anonymization are, at least in Germany, used much more frequently on crowdsourcing platforms (only 7% in the fintech sector). This is a remarkable result considering the fact that employee data are almost as sensitive as financial data.

A bar graph depicts the percentage of anonymized, pseudonymized, and no information in the privacy statements, in China, Germany, and U S A. No information in the privacy statement has the maximum percentage values followed by anonymized in all countries. — **Fig. 4.23**

A bar graph presents the percentage of anonymized, pseudonymized, and no information in the privacy statements, for labor markets, contests, complementors, and collaborative Communities. No information in the privacy statement records the most responses among all. — **Fig. 4.24**

While third parties often receive user data through contracts with the platform, some data can also be accessed on the internet, transferred, and processed without the user knowing. For example, marketing agencies or researchers might gather user data by programming a web crawler or bot that systematically browses the public part of the crowdsourcing website.

Almost half of the crowdsourcing platform companies from the U.S. mentioned that they publish personal data; in Germany that figure is 38% and in China only 34%, as Fig. 4.25 shows. The majority of crowdsourcing platforms did not include relevant information in the privacy statement in all three countries. It is probably in the nature of the business that collaborative communities make more user data public; however, this is also what we observe empirically. As Fig. 4.26 shows, more than half of the collaborative community platforms publish user data, while only slightly more than one-third do so among the other three crowdsourcing platform categories. In comparison with the German fintech sector, we find that significantly more user data is published through crowdsourcing platforms. Only 18% of companies in the German fintech sector published user data, according to privacy statements (Dorfleitner & Hornuf, 2019, p. 71). This could be due to the fact that not all fintech business models have the sort of platform that makes the publication of user data necessary or useful. For example, payment data is only rarely published to the general public.^{Footnote 2}

In a next step, we investigate why user data are published. As Fig. 4.27 shows, especially German and U.S. privacy statements mentioned that the publication of personal data was necessary for a public or nonpublic user profile (17% and 15%, respectively) or for comments or blog functions (36% and 37%, respectively). At 35%, other reasons were most frequently mentioned in Chinese privacy statements. Among them were national security, the protection of the public interest, and mandatory requirements of the relevant government agencies. These reasons could stem from the fact that Chinese data protection law, such as the Cybersecurity Law, emphasizes the importance of national security and public interest. The processing of personal data for comments or blog functions was particularly important for online labor market platforms, as Fig. 4.28 shows. Except for China, the reasons for sharing personal data are generally very similar to the German fintech sector.

A bar chart of the percentage of yes, and no information in the privacy statement, in China, Germany, and U S A. The maximum values for no information in the privacy statement are China, 64%. Germany, 62%. U S A, 53%. — **Fig. 4.25**

A bar graph depicts the percentage of yes, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities. No information in the privacy statement holds the maximum percentage values. — **Fig. 4.26**

A bar graph of the percentage of public or non-public user profiles, comments or blog functions, and other reasons, in China, Germany, and U S A. Comments or blog function has the maximum values in Germany and U S A. — **Fig. 4.27**

Fig. 4.28

For what reason are personal data published? Distinction by crowdsourcing segment. Number of evaluated privacy statements N = 416

Full size image

Are personal data shared with third parties with the consent of the user? As Fig. 4.29 shows, the privacy statements of Chinese and German crowdsourcing platforms very frequently mention that data is transferred to third parties (81% and 89%, respectively). Only around half of the U.S. platforms state that user data leaves the platform. Moreover, in the U.S. around 1% of the privacy statements explicitly mention that personal data is not shared with third parties. There is no such privacy practice in any other country. When investigating the four crowdsourcing categories, we find that all share such data with third parties to approximately the same extent. Crowd complementors never mention explicitly that no personal data is shared with third parties, while all other crowdsourcing categories sometimes do (Fig. 4.30). In the German fintech sector it was never mentioned explicitly that personal data is not transferred to third parties.

A bar graph represents the percentage of yes, and no information in the privacy statement, in China, Germany, and U S A. Majority of respondents stated Yes in their responses. — **Fig. 4.29**

A bar graph presents the percentage of yes, no, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities. The highest value is for respondents who responded Yes. — **Fig. 4.30**

A bar graph presents the percentage of yes, no, and no information in the privacy statement, in China, Germany, and U S A. No information in the privacy statement has the maximum percentage values for all countries. — **Fig. 4.31**

A bar graph exhibits the percentage of yes, no, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities. No information in the privacy statement holds the most responses among all. — **Fig. 4.32**

In a next step we explicitly test whether personal data of crowdworkers are shared with third parties with consent of the user. One reason to share personal data of crowdworkers could be to create a profile of their performance, which is then shared with other platforms the crowdworkers are active on. The sharing of performance and reputation data can be to the advantage of a high-performing crowdworker, but can also be to the detriment of low-performers (Ciotti et al., 2021). As Fig. 4.31 shows, we find that especially German crowdsourcing platforms (28%) mention in their privacy statements that personal data of crowdworkers are shared with third parties, while Chinese and U.S. privacy statements mention such data transfers less frequently (6% and 17%, respectively). Few privacy statements from any of the three countries explicitly mention that they do not share personal data of crowdworkers with third parties. Figure 4.32 presents the frequency by crowdsourcing segment of whether personal data of crowdworkers are shared with crowdsourcing companies or other clients.

As Fig. 4.33 shows, only a few of the crowdsourcing platforms exhaustively listed in their privacy statement what types of personal data of users they share with third parties. Among Chinese crowdsourcing platforms such an exhaustive list was never provided. However, in Germany and the U.S., approximately half of the platform companies at least provide a non-exhaustive list of the types of personal data they share with third parties (55% and 38%, respectively). The least transparent platform category is crowd contests, in which only 20% provided an exhaustive or non-exhaustive list of user data they share with third parties. When we compare the German fintech segment with the German crowdsourcing segment, it becomes evident that crowdsourcing platforms much more frequently provide a non-exhaustive list of the data shared with third parties (26% vs. 75%). Figure 4.34 presents the frequency by crowdsourcing category of whether platforms exhaustively listed in their privacy statement what types of personal data of users they share with third parties.

Most privacy statements did not exhaustively clarify what personal data are shared, even though they mentioned the sharing of data with third parties. Figure 4.35 shows what data were shared with third parties. Often, the crowdsourcing platforms shared information about the bank, account, and payment data of the users, or the e-mail address, name, IP address, and address of the user. In rare cases, U.S. platforms even shared the GPS data of the user with third parties. German platforms generally more frequently specified which data is shared with third parties, while Chinese platforms were least transparent in that respect. A look at the categories of crowdsourcing platforms shows that it depends entirely on the platform category when it comes to which data is passed on to third parties. Payment data is more frequently forwarded by collaborative communities and less often by crowd contests. For crowd complementors, yet again other data types seem to be important. Figure 4.36 presents the frequency of what personal data are shared by crowdsourcing category. If we compare the personal data that is shared with that of the German fintech industry, the list of data looks very similar, although in a different order of rank.

Figure 4.37 and 4.38 give an overview of the reasons for the disclosure of personal data mentioned in the data protection statements. According to the information provided by the crowdsourcing platforms, data was transferred primarily for the purpose of fulfilling contracts, processing orders or providing services, or due to obligations arising from the user relationship (77%), for claims processing (38%), fraud and abuse prevention and risk identification and management (37%), and advertising, marketing and the dispatch of newsletters (34%). Except for the first stated reason for the disclosure of personal data, most other reasons are of higher importance to Chinese and U.S. platforms than to German platforms. Reasons other than those explicitly mentioned for data disclosure appear to have played an important role in Chinese privacy statements. Among them were national and defense security, the protection of public security or vital public interests, and requests of the competent administrative or judicial authorities. The reasons stated most likely stem from the fact that Chinese privacy laws, such as the Cybersecurity Law, emphasize the importance of national security and public interest. Interestingly, the last most frequent reasons mentioned were changes in the corporate structure and the optimization of the business idea or further development of the product. If we compare the reasons for the disclosure of personal data mentioned in the data protection statements with those of the German fintech industry, the stated reasons appear very similar, although the ranking is slightly different.

A column chart depicts the percentage of yes, no, and no information in the privacy statement, in China, Germany, and U S A. No information in the privacy statement holds the maximum percentage values in all countries. — **Fig. 4.33**

A horizontal column represents the percentage of personal data in the United States, Germany, and China, such as bank account data, E-mail address, name, I P-address, address, Phone number, and so on. Bank and email data have the highest percentage values, whereas G P S data has the lowest. — **Fig. 4.35**

A horizontal bar graph indicates the percentage of personal data in the United States, Germany, and China, such as bank account data, E-mail address, name, I P-address, address, Phone number, and so on. Bank and email data have the highest percentage values, whereas Information on Insurance data has the lowest. — **Fig. 4.36**

A horizontal bar graph depicts the percentage of personal data such as contact number, claim processing, fraud prevention, advertising, customer service, processing of the payment, other reason, change in corporate structure, and optimization of business ideas, in U S A, China, and Germany. — **Fig. 4.37**

A horizontal bar graph exhibits the percentage of different purposes of the personal data shared, for labor markets, contests, complementors, and collaborative communities. Contract fulfillment holds the highest value whereas Business optimization with the lowest value. — **Fig. 4.38**

Figure 4.39 shows that in the U.S. around three-quarters of the privacy statements provide information about whom the user data will be shared with. More rarely, this information is provided in 47% of the German privacy statements and almost never mentioned in Chinese privacy statements. Figure 4.40 shows that crowd complementors very frequently indicate to which third parties data are shared; for crowd labor market companies and collaborative community platforms it is only about half. For crowd contest platforms only 25% of the privacy statements are transparent about the destination of the data exchange. If we compare the Germany privacy statements with those of the fintech sector, it turns out that crowdsourcing platforms are on average slightly less transparent about whom the user data will be shared with. Overall, 54% of the companies in the fintech sector revealed this information (Dorfleitner & Hornuf, 2019, p. 75).

While often the list of whom the user data will be shared with was not exhaustive, the crowdsourcing platforms also often stated, as Fig. 4.41 shows, that users’ personal data are passed on to third parties “only in exceptional cases.” This was named in around three-quarters of the Chinese and German privacy statements and somewhat less frequently in U.S. privacy statements (only 40%). Crowd contests and collaborative community platforms named this reasoning for sharing personal data with third parties slightly more often, whereas crowd complementors only used it in less than one-third of the privacy statements (Fig. 4.42).

Some privacy statements also mention that information is not only shared with third parties but also collected by the crowdsourcing platforms from third parties and linked to the data of their own users. Figure 4.43 shows that 29% of the U.S. privacy statements and 22% of the Chinese privacy statements mentioned that data from third parties is collected. The reasons mentioned for reaching out to third parties were, for example, identity and creditworthiness inquiries, and the merging and comparison with social media and marketing data of the user. It is worth mentioning that some U.S. platforms explicitly note that employers or background reporting companies are contacted to obtain information on skills and other characteristics of crowdworkers.^{Footnote 3} However, the third party was explicitly named in only 4% and 9%, respectively. German privacy statements only indicated in 11% that data from third parties was collected, while only explicitly naming the third party in 9% of the privacy statements. As Fig. 4.44 shows, crowd complementors and collaborative communities more frequently collected data from third parties and merged them with existing user data, especially when compared to crowd contest platforms. For all platform categories, the third party was only rarely explicitly named. This picture is very much in line with the German fintech sector.

A bar graph presents the percentage of yes, and no information in the privacy statement, in China, Germany, and U S A. The highest percentages for no information in the privacy statement are 98% in China, 53% in Germany, and 26% in the United States. — **Fig. 4.39**

A bar graph presents the percentage of yes, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities with their values respectively. — **Fig. 4.40**

A bar graph depicts the percentage of yes, and no information in the privacy statement, in China, Germany, and U S A. The highest percentage values are from no information in the privacy statement. — **Fig. 4.41**

A bar graph denotes the percentage of yes, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative Communities. Most of the responses are Yes from all segments. — **Fig. 4.42**

A bar graph represents the percentage of yes, explicitly naming of third parties, and no information in the privacy statement, in China, Germany, and U S A. The highest percentages for no information in the privacy statement are 78% in China, 89% in Germany, and 71% in the United States. — **Fig. 4.43**

A bar graph exhibits the percentage of yes, explicitly naming of third parties, and no information in the privacy statement. The maximum percentages for no information in the privacy statement are 76% in Labor markets, 82% in Contests, 58% in Complementors, and 71% in collaborative communities. — **Fig. 4.44**

As Fig. 4.45 shows, especially in Germany the crowdsourcing platforms (72%) stated in their privacy statements that they integrated social plug-ins in their services. Social plug-ins, which provide access to third parties, help distribute the content of the users or the crowdsourcing platform. Well known examples are Facebook’s “Like” button and Twitter’s “Tweet” button, which allow users to share the content from the crowdsourcing platform on the social media website. Information is transferred from the browser of the user to the respective third parties. In the U.S., privacy statements mention the use of social plug-ins less often (44%) and in China social plug-ins are even less popular, which might result from the fact that services are often based on mobile applications and Facebook and Twitter are banned in China. Although some Chinese platforms collect the data of WeChat or QQ accounts from platform users as a requirement to log into the websites or apps,^{Footnote 4} their privacy policies do not mention the use of such social plugins at all. Collaborative communities and crowd complementors use social plug-ins slightly more often than the other two crowdsourcing categories, as Fig. 4.46 shows.

Figure 4.47 lists the companies whose social plug-ins were used by crowdsourcing companies. Around half of German crowdsourcing companies stated in their privacy statement that they used a social plug-in from Facebook (64%), Twitter (43%), LinkedIn (36%), and YouTube (32%). Social plug-ins from Google+, Xing, Instagram, Pinterest, Slideshare, Myspace, Shariff, Snapchat and Widgets were less frequently included (less than 50% each). Chinese platforms only rarely mentioned the use of plug-ins from companies such as WeChat, Weibo, QQ, Ding Talk, Bajie IM, and MSN (no more than 10% each).

As Fig. 4.48 shows, especially German crowdsourcing companies (94%) stated in their privacy statement that they use tracking services to collect and evaluate data on the behavior of users on their website. Web tracking enables crowdsourcing platforms to track which internet sites users visit before or at the same time, which content they call up on the website, how often and for how long they view this content, and where they subsequently migrate to (Dorfleitner & Hornuf, 2019). Four out of five U.S. privacy statements mentioned the use of tracking services; in China it was not even two-thirds. Collaborative communities and crowd complementors mentioned the use of tracking services more often than crowd labor markets and crowd contest platforms, as indicated by Fig. 4.49. Finally, and as Fig. 4.50 shows, some privacy statements mentioned the use of more than one web tracking service. The most popular service in the U.S. and Germany is Google Analytics, which is in line with usage behavior in the German fintech sector. Other services that are not reported in Fig. 4.51 (because they were only named in one privacy statement) are: UserVoice, Heatmaps, LinkedIn Analytics, NewRelic, Unbounce, HQ, Jetpack, GetSiteControl, Kissmetrics, Mandrill, Tumblr, Segmento.io, Google Optimize, and CrazyEgg for Germany; and NewRelic, Mouseflow, Inspectlet, Unbounce, Optimizely, MaxMind, GetSiteControl, Flurry, Twilio, Kissmetrics, Newrelic, Tumblr, and Criteo for the U.S.

A horizontal bar graph presents the percentage use of Facebook, Twitter, LinkedIn, YouTube, Instagram, Pinterest Slide Share, My space, Shariff, Snapchat, Widgets, WeChat, Weibo, Q Q, Ding Talk, Bajie I M, M s n, in U S A, China, and Germany. Germany holds the majority of users of social plug-ins. — **Fig. 4.47**

A bar graph exhibits the percentage of yes, and no information in the privacy statement, in China, Germany, and U S A. Most of the responses are Yes. The values are as follows. China, 64%. Germany, 94%. U S A, 80%. — **Fig. 4.48**

A bar graph of the percentage of yes, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative communities. Most of the responses are Yes. The values are as follows. Labor, 64%. Contests, 66%. Complementors, 88%. Collaborative communities, 88%. — **Fig. 4.49**

A bar graph denotes the number of analytics in Germany, and U S A by 6 companies. The respective analytics of Germany and U S A are 22 and 61 for company 1. 8 and 3 for 2. 8 and 8 for 3. 3 and 8 for 4. 2 and 3 for 5. and 1 and 0 for company 6. — **Fig. 4.50**

A horizontal bar graph presents the number of analytics services used by different companies in U S A, and Germany. Google Analytics is the most popular service in both countries with maximum percentages of 88 and 42. — **Fig. 4.51**

A bar graph presents the number of advertising services for 9 different companies in Germany and U S A. Company 1 uses the highest number of advertising services. — **Fig. 4.52**

We identified different advertising services in the privacy statements that crowdsourcing companies use to increase user activity on the platform. As Fig. 4.52 shows, some crowdsourcing platforms used up to nine different advertising services. Figure 4.53 lists the advertising services mentioned in the privacy statements. Of the services, Google, LinkedIn, Facebook, AdRoll, Bing Ads, and Twitter were frequently used in Germany and the U.S. Generally, the evidence shows that crowdsourcing companies remain rather silent about the advertising services they use. The German fintech sector has been somewhat more transparent in that respect.

The purpose of cookies is, among others, to store information associated with a website locally on the computer of the user for a certain period and then to transmit this information back to the server of the crowdsourcing platform on request. The website of the crowdsourcing platform can then be individualized for the user, if cookies allow authenticating the user when he or she returns to the platform web page. As Fig. 4.54 shows, German and U.S. platforms frequently mention the use of cookies in their privacy statements (96% and 90%, respectively); Chinese platforms report the use of cookies significantly less often (27%). The remaining crowdsourcing platforms did not provide any information on the use of cookies. German and U.S. platforms also differentiate between the use of temporary and permanent cookies, while Chinese privacy statements do not make such a distinction. The evidence shows that the use of both temporary and permanent cookies is mentioned more frequently in German (49% and 40%) than in U.S. (27% and 24%) privacy statements. In the remaining privacy statements, the crowdsourcing platforms provided no information about the type of cookies used. Some companies used both temporary and permanent cookies. Figure 4.55 shows how often the use of cookies is mentioned among the different crowdsourcing platform categories. Crowd contests mention the use of cookies less frequently than the other platforms categories. Generally, the use of cookies among German crowdsourcing platforms is very similar to the use of cookies in the German fintech sector.

A bar graph of the number of advertising services used by 10 different companies in U S A, and Germany. Google Advertising Services is the most popular service in both countries with the highest percentages of 29 and 35. — **Fig. 4.53**

A bar graph denotes the percentage of yes, and no information in the privacy statement, temporary cookies, and permanent cookies, in China, Germany, and U S A. Most of the responses are Yes for all the 3 countries. — **Fig. 4.54**

A bar graph depicts the percentage of yes, no information in the privacy statement, temporary cookies, and permanent cookies, for labor markets, contests, complementors, and collaborative Communities. The majority of responses are Yes from all segments. — **Fig. 4.55**

Finally, data were also transmitted to the crowdsourcing platforms by the user’s browser, smart phone or tablet through server log files. As Fig. 4.56 shows, in all three countries, fewer than one-fifth of the crowdsourcing platforms provided an exhaustive list of the data processed. In fact, in China an exhaustive list of the data processed was never provided. Platforms in the U.S. (78%) and Germany (79%) at least provided a non-exhaustive list of the data processed through log files, while in China only 31% of the privacy statements provided such a list. As Fig. 4.57 shows, collaborative communities and crowd complementors more frequently provide a non-exhaustive list of the data processed via log files, while crowd contests only rarely do so. Figures 4.58 and 4.59 show the data processed using log files. In general, Chinese platforms less frequently name the type of data processed through log files, while German and U.S. platforms often mention the IP address or domain name, referrer URL or referring website, and the browser type and version. The general geographic location was also frequently named in U.S. privacy statements.

A bar graph presents the percentage of exhaustive lists, non-exhaustive lists, and no information in the privacy statement. The highest values are from no information in the privacy statement for China whereas non-exhaustive lists record the highest percentage in Germany and U S A. — **Fig. 4.56**

A bar graph presents the percentage of exhaustive lists, non-exhaustive lists, and no information in the privacy statement, for labor markets, contests, complementors, and collaborative communities. — **Fig. 4.57**

Three horizontal bar graphs indicate the percentage of data processed by different log files, in China, Germany, and U S A. I P Address has the maximum percentage in China and Germany. Browser Type holds the highest percentage in U S A. — **Fig. 4.58**

A horizontal bar graph depicts the percentage of data processed by different log files, in China, Germany, and the United States Of America. Germany followed by the United States Of America holds the maximum percentages in most of the segments. — **Fig. 4.59**

Notes

1.
For alternative ways to inform users about the processing of their data, see Geminn et al. (2021).
2.
For a noteworthy exception, see www.vicemo.com
3.
For example, the platform Appen states in its privacy statement: “We may also collect personal data from third parties such as your employing organization, regulatory authorities, recruitment agencies […].” The company Alegion emphasizes in its privacy policy: “We may collect information about you from other sources and add it to the other information we collect, directly or automatically, about you. This information may include […] information about workers, such as user name and skills, from a Worker’s employing entity, accreditations, qualifications, education, and other relevant information.”
4.
For example, the authors had to enter QQ account information when they wanted to log into the K68 platform. However, K68’s privacy statement does not mention that the platform processes QQ account information.

References

Boudreau, K. J., & Lakhani, K. R. (2013). Using the crowd as an innovation partner. Harvard Business Review, 91(4), 60–69, 140. Accessed from https://europepmc.org/article/med/23593768
Ciotti, F., Hornuf, L., & Stenzhorn, E. (2021). Lock-in effects in online labor markets. CESifo Working Paper No. 9379. Accessed from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3953015
Dorfleitner, G., & Hornuf, L. (2019). FinTech and data privacy in Germany: An empirical analysis with policy recommendations. FinTech and Data Privacy in Germany: An Empirical Analysis with Policy Recommendations, 2019, 1–121. https://doi.org/10.1007/978-3-030-31335-7
Article Google Scholar
Dorfleitner, G., Hornuf, L., & Kreppmeier, J. (2023). Promise not fulfilled: FinTech, data privacy, and the GDPR. Electronic Markets, forthcoming.
Google Scholar
Geminn, C., Leon, F., & Karl-Raban, H. (2021). Die Informationspräsentation im Datenschutzrecht – Auf der Suche nach Lösungen. ZD-Aktuell, 05335.
Google Scholar
Lee, J.-A., & Liu, C.-Y. (2012). Forbidden City enclosed by the great firewall: The law and power of internet filtering in China. Minnesota Journal of Law Science & Technology, 13(1), 125–151. Accessed from https://scholarship.law.umn.edu/mjlst/vol13/iss1/6
Google Scholar
McDonald, A. M., & Cranor, L. F. (2009). The cost of reading privacy policies. I/S: A Journal of Law and Policy for the Information Society, 4(3), 543–568. Accessed from https://heinonline.org/HOL/Page?handle=hein.journals/isjlpsoc4&id=563&div=&collection=
Mrass, V., & Leimeister, J. M. (2018). Crowdworking-Plattformen als Enabler neuer Formen der Arbeitsorganisation. In H. Fortmann & B. Kolocek (Eds.), Arbeitswelt der Zukunft: Trends – Arbeitsraum – Menschen – Kompetenzen (pp. 139–151). Springer Fachmedien. https://doi.org/10.1007/978-3-658-20969-8_10
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Faculty of Business and Economics, Technische Universität Dresden, Dresden, Germany
Lars Hornuf
Faculty of Business Studies and Economics, University of Bremen, Bremen, Germany
Sonja Mangold
Faculty of Economic Law, Southwest University of Political Science and Law, Chongqing, China
Yayun Yang

Authors

Lars Hornuf
View author publications
You can also search for this author in PubMed Google Scholar
Sonja Mangold
View author publications
You can also search for this author in PubMed Google Scholar
Yayun Yang
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Hornuf, L., Mangold, S., Yang, Y. (2023). Privacy Statements in China, Germany, and the United States. In: Data Privacy and Crowdsourcing . Advanced Studies in Diginomics and Digitalization. Springer, Cham. https://doi.org/10.1007/978-3-031-32064-4_4

Download citation

DOI: https://doi.org/10.1007/978-3-031-32064-4_4
Published: 28 July 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-32063-7
Online ISBN: 978-3-031-32064-4
eBook Packages: Business and ManagementBusiness and Management (R0)

Publish with us

Policies and ethics