ICO issues updated code of practice and checklist on privacy notices

The Information Commissioner's Office’s new code of practice on privacy notices gives guidance on how to write a new privacy notice; how to develop an existing privacy notice, and how to evaluate an existing privacy notice. The code, published on 7 October, takes into account feedback from stakeholders, and includes examples that show how the different approaches the ICO recommends can work in practice, including for mobile devices.

The ICO recommends using just-in-time notices, a layered approach and icons. The code has a short, separate section on the further requirements imposed by the EU Data Protection Regulation (GDPR), and includes a checklist for organisations. The EU is expected to develop standard icons as suggested by the GDPR. The ICO’s own privacy mark project is currently on hold.

The ICO explains that the code ‘also applies to situations where it may be less obvious that data is being collected, such as when people are observed by smart devices or when information is inferred from how an individual behaves online’.

The checklist 

The 35 page code 

Read an exclusive interview with Elizabeth Denham, Information Commissioner, in the next issue of PL&B UK Report.