By Brian Davidson, CIPP/E
Privacy notices inform individuals about how organisations use their personal data and their rights under the Data Protection Act. They also allow organisations to meet their obligations under the act to provide fair processing information to such individuals.
The ICO’s current guidance was published in 2009 and gives good practical advice and explains how organisations can make their notices as informative and readable as possible. However, the ICO considers that widespread use of technologies—such as smartphones—and changes to existing good practice relating to privacy notices—such as the concepts of “privacy experience” and designing in privacy information—means that the code should be updated to reflect such changes.
The ICO is currently looking for feedback on the existing code, including suggestions on what can be altered, added or removed, including any examples of good or bad practice that individuals may have come across in their personal or professional life that may be useful.
“Organisations are looking to analyse and use more and more personal data—transparency of that processing remains a vital tool in making sure that people continue to trust an organisation with their information. A clear and simple, but informative, privacy notice can be an effective way to demonstrate this transparency. This is important because providing genuine transparency lies at the heart of many emerging data protection issues—from the use of medical data for research to innovative uses of personal data in integrated internet services,” said Steve Wood, head of policy delivery at the ICO, in a recent blog post.
You can email your feedback to the ICO by visiting here. The feedback will then be considered with a view to publishing an updated code next year.
Brian Davidson, CIPP/E, is a privacy and information law advisor at Field Fisher Waterhouse, LLP.