The ICO has revised its privacy notices code of practice with the aim of helping organisations make privacy notices easier for the public to understand.
The requirement to ensure individuals have a clear understanding of what is done with their personal data is a fundamental point of the Data Protection Act. However, the ICO has developed the fresh guidance with one eye on the enhanced requirements in the forthcoming EU General Data Protection Regulation (GDPR).
One of the key components of the GDPR is an increased emphasis not just on when and where privacy information is provided, but how clearly that information is communicated.
Specifically, the GDPR makes reference to the need for privacy information to be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
The ICO is concerned that privacy notices are often "too long, overly legalistic, uninformative and unhelpful" and that individuals are "instantly put off" when they see lengthy notices. As such, too many individuals are simply ignoring information about how their personal data is processed.
The ICO hopes that organisations can provide information in a "clear and engaging way" by complying with the recommendations in its code of practice. These include:
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at March 2016. Specific advice should be sought for specific cases. For more information see our terms & conditions.