ICO consults on revised privacy notices code of practice

The Information Commissioner's Office (ICO) has launched a consultation on "Privacy notices, transparency and control – a code of practice on community privacy information to individuals". The consultation closes on 24 March 2016.

The ICO has revised its Privacy notices code of practice to provide more guidance to organisations on how to make privacy notices more engaging and effective for individuals and to emphasise the importance of providing them with greater choice and control over what is done with their data. The ICO considers that all too often privacy notices are "too long, overly legalistic, uninformative and unhelpful" and often individuals choose to ignore them and miss out on important information. To address this, the ICO is recommending "a more blended approach", using different techniques such as a just-in-time message informing an individual why their email is needed or a short video explaining how the organisation will use the personal data it collects. The code also explores how best to provide privacy notices on small screens such as smartphones, tablets and other smart devices. In an area of concern for many organisations, the code looks at consent in relation to third party marketing and has devised best practice standard wording for organisations to use when seeking consent for marketing. Last year, the ICO fined on an online pharmacy for failing to provide clear and prominent information to individuals informing them how their data would be used and who it would be shared with (see Legal update, ICO issues £130,000 fine for breach of the first data protection principle).

The ICO is developing the code with the General Data Protection Regulation in mind (which includes stricter rules on obtaining consent and will require organisations to provide more information to individuals), as well as the Data Protection Act 1998. For more information see Practice note, EU data protection regime proposals: Analysis and noter-up and Practical Law's Compliance: Data Protection webpage.

Source: Information Commissioner's Office blog, 2 February 2016 and consultation.