Code of practice highlights best (and worst) practices in data privacy
The Information Commissioner’s Office (ICO) has called for an overhaul of privacy notices that leave consumers baffled by unnecessary legalese.
Consumer research by the ICO shows that half of consumers don’t understand what they’re signing up to when they fill in online and paper forms. The ICO launched a privacy notices code of practice in June to help organisations provide more user-friendly privacy and marketing notices.
Privacy notices are the oral or written statements that individuals are given when information is collected about them, and explains who is collecting the information, what is going to be done with it, and who it will be shared with. The privacy notice can go beyond this, for example, by explaining access rights and rights of complaint.
Tom Morrison, associate, Rollits, says: “In an attempt to comply with the law some organisations have lost sight of the primary purpose of a privacy notice; to enable individuals to ascertain how their personal information will be handled, rather than to tick a box saying that a section of the Data Protection Act 1998 has been complied with.
“The effectiveness of a privacy notice is generally inversely proportionate to its length and complexity. As notices get more detailed the ability to get through to the key points becomes increasingly difficult, and it has reached the stage where individuals can no longer see at a glance how their information will be handled.
“This has been identified as a particular issue over recent years, which led the Article 29 Working Party, a group which co-ordinates the approach taken by information commissioners throughout Europe, to propose a code of practice. It is out of this that the UK’s information commissioner pushed for a code highlighting what he considers to be best—and worst—practice.
“The code is no substitute for taking sound legal advice and has no legal effect in itself, but it is certainly a positive development and a tool which should have an impact on the approach organisations take to designing comprehensive but easy to understand privacy notices.”
Chris Graham, the former director general of the Advertising Standards Authority, took over from outgoing information commissioner, Richard Thomas, in June.
