ICO consults on the privacy notices code of practice and the implications for the GDPR
Alternative Methods to privacy notices?
The ICO is consulting on ways to deal with privacy notices. The consultation on “Privacy notices, transparency and control – a Code of practice on community privacy information to individuals" (“the Code”) highlights that many do not wish to read lengthy and legally worded privacy notices. The draft Code suggests alternative more flexible and user-friendly methods to communicate privacy codes and information to digital users. These include:
- Interesting and engaging videos or audio messages
- Pop-ups and imbedding information in online forms
- Limiting links to other web pages
- Keeping notices clear and to the point without any legal jargon
- “just-in time” notifications on mobile devices
- Icons and symbols with hover function
- An interactive privacy dashboard
As well as the specific methods above the Code advocates flexibility and multiple layering of methods, seeking to promote more interactive and accessible ways for digital users to understand privacy notices and enhance engagement in the monitoring of their data.
ICO launches consultation
The Information Commissioner’s Office (“ICO”) has launched the consultation and the draft Code offers further guidance to businesses and organisations on various issues surrounding the processing of personal data. The Code addresses concerns around consent and recommends using varying techniques with a focus on digital communication. This is an important area for businesses to consider as large monetary fines and penalties (up to £500,000) can be issued for failing to provide appropriate information to individuals about how their data is used.
The Code has been issued under section 51 of the Data Protection Act (“DPA”) and is drafted in line with the principles of the DPA, the drafting has also been considered in relation to the draft General Data Protection Regulation (“GDPR”). The GDPR is still in draft form and a final version is due to be released later in 2016 although it may require further amendment to conform to the finalised version of the GDPR (see our earlier blogs on the GDPR also known as the EU Data Protection Regulations).
For further details see the consultation paper (https://ico.org.uk/media/about-the-ico/consultations/1560560/consultation-form-privacy-notices-Code-of-practice-pdf.pdf) or the ICO website. The consultation is open to everyone and closes on 24 March 2016, after this date the views submitted will be considered by the ICO and a proposed draft is anticipated to be released later this year.
If you would like to discuss any of the above, please do not hesitate to get in touch with your usual Stevens & Bolton contact or email Beverley Flynn, Head of Data Protection: email@example.com