Blog: ICO joins global sweep to improve website privacy policies

Data protection is very much an international issue, as those of you following the planned EU-led law changes will be aware.

We work closely with our equivalent organisations in other European countries to make sure there is consistency in how we approach data protection, but we also look beyond that to target a level of consistency worldwide.

The work we’re doing this week is a prime example of that. The ICO is one of 19 data protection authorities from around the world carrying out a global project to improve websites’ privacy policies, organised by the Global Privacy Enforcement Network (GPEN).

We’ll be examining 250 sites based in the UK, looking closely to see how easy the policies are to read, and how clearly they explain how personal information is being handled.

Privacy policies might not sound like the most interesting topic for such a study, but they’re crucial in making sure consumers know how their personal information is being used.

Too often we find organisations using the notices to protect themselves rather than inform the public, and there’s no excuse for this. Our privacy notices page covers what these policies should say, and there are a few ‘top tips’ below that even the smallest business should be following.

All of the results of the ‘privacy sweep’ will be brought together by the Office of the Privacy Commissioner of Canada, and a report will be published by GPEN in the autumn, giving a global overview of whether the privacy policies available are compliant. It is also expected to identify websites where further action may be required to comply with relevant national and international laws.

How to get your privacy policy right

  • Do customers know who you are and what you are going to do with their information? The privacy policy gives you a chance to tell them.
  • Make sure your policy is clear, honest and will be understood by the people it is aimed at.
  • Avoid confusing mixtures of ‘tick here to opt in’ and ‘tick here to opt out’, and don’t pre-tick consent boxes.
  • Make sure customers know the difference between information they need to provide to get the goods or services they’ve requested, and information which is optional.
  • Review your privacy notice from time to time to make sure it is accurate, up to date and accessible to your customers.
  • See our privacy notices code of practice (pdf) for more detailed advice about collecting and using personal information.

Ian Williams worked on the International team at the ICO.