Blog: ICO joins global sweep to improve website privacy policies
By Ian Williams
10 May 2013
Data protection is very much an international issue, as those of you following the planned EU-led law changes will be aware.
We work closely with our equivalent organisations in other European countries to make sure there is consistency in how we approach data protection, but we also look beyond that to target a level of consistency worldwide.
The work we’re doing this week is a prime example of that. The ICO is one of 19 data protection authorities from around the world carrying out a global project to improve websites' privacy policies, organised by the Global Privacy Enforcement Network (GPEN).
We’ll be examining 250 sites based in the UK, looking closely to see how easy the policies are to read, and how clearly they explain how personal information is being handled.
Privacy policies might not sound like the most interesting topic for such a study, but they’re crucial in making sure consumers know how their personal information is being used.
Too often we find organisations using the notices to protect themselves rather than inform the public, and there’s no excuse for this. Our privacy notices page covers what these policies should say, and there are a few ‘top tips’ below that even the smallest business should be following.
All of the results of the ‘privacy sweep’ will be brought together by the Office of the Privacy Commissioner of Canada, and a report will be published by GPEN in the autumn, giving a global overview of whether the privacy policies available are compliant. It is also expected to identify websites where further action may be required to comply with relevant national and international laws.
- Make sure your policy is clear, honest and will be understood by the people it is aimed at.
- Avoid confusing mixtures of ‘tick here to opt in’ and ‘tick here to opt out’, and don’t pre-tick consent boxes.
- Make sure customers know the difference between information they need to provide to get the goods or services they’ve requested, and information which is optional.
- Review your privacy notice from time to time to make sure it is accurate, up to date and accessible to your customers.
- See our privacy notices code of practice (pdf) for more detailed advice about collecting and using personal information.
Lead Policy Officer, International Team