New laws and regulations are increasingly focusing on privacy policies. The General Data Protection Regulation (GDPR) in Europe, and the California Online Privacy Protection Act (CalOPPA) both require commercial websites to have privacy policies. Ideally, these privacy policies would be accurately describe to users what happens with their data, and what data exactly is covered. However, many websites do not comply with these regulations. With the release of privacy policy generators, it has become easy to create generic privacy policies, but this fails to fully capture the ways in which a company uses a consumer's data. In this work, we analyze a set of 10,000 policies after the introduction of the GDPR, and find that there are widespread similarities between policies and large amounts of plagiarism. This indicates that there is most likely a good deal of non-compliance with these laws, and that privacy policies may not be completely informing consumers of how their data is being used.