An international study suggests websites could provide clearer information to customers on how their personal data is being used, but found some examples of good practice.
The project, highlighted in an ICO blog back in May, saw 19 data protection authorities from around the world analyse 2,186 website privacy policies.
The study is the first of its kind, and was coordinated by the Global Privacy Enforcement Network (GPEN) to enable international privacy enforcement authorities to work together to protect the privacy rights of individuals across the world.
The purpose was not to conduct an in-depth analysis of the privacy practice of each website, but to replicate the consumer experience by spending a few minutes on each website looking at what information was provided to identify global trends.
In the UK, we focused on 250 of the larger websites, so we’d expect them to be clear as to how they collect and handle personal information.
The international work also gave some examples of best practice noted by GPEN members:
- Using plain language to make the information easily understandable and readable to the average person.
- Using subheadings, short paragraphs, FAQs and tables, to make the policies easier to read.
- Including privacy-related information that consumers would be interested to learn.
- Ensuring privacy policies include contact information for the particular individual with responsibility for privacy practices within that organisation, and even providing more than one option for contacting that individual.
Our privacy notices code of practice sets out the sort of information we would expect to be provided in a privacy notice as a matter of best practice. Our findings from this study will feed into our work reviewing this code of practice in the coming months. If you have ideas or comments about what we should cover, let us know.
|Adam Stevens manages the Intelligence Hub within the Enforcement Department, which collects, analyses and disseminates information with the aim of guiding and supporting the ICO’s approach to regulatory action.|