ICO seeks input on Privacy Notices Code of Practice
The ICO is currently consulting on proposals for a revised Privacy Notices Code of Practice. The consultation, which runs until 24 March, seeks views on how to provide privacy information in a clear and engaging way, as well as engaging individuals better than before.
New ideas include just-in-time messages for websites and mobile apps that appear, for example, at the time when filling in an online form. Other issues that arise from the EU Data Protection Regulation include layered notices, complemented by icons and symbols.
Online videos could be used to complement a privacy policy, the ICO says. In addition, the ICO proposes to develop an online tool for data controllers (particularly for smaller businesses with a less complex data environment) that would generate a privacy notice, incorporating standard wording that the ICO considers to be best practice. This would then be embedded into a website, mobile app or used in hard copy.
On transparency and consent, the ICO says that ‘When relying on consent, your method of obtaining it should be clear and prominently displayed to individuals. Good practice is to use an unticked opt-in box. If your consent mechanism consists solely of an “I agree” box with no supporting information then users are unlikely to be fully informed and the consent cannot be considered valid.’
‘If you process information for a range of purposes, you should explain this to people. When doing so, you should provide a clear and simple way for them to indicate that they agree to each type of processing. In other words, people should not be forced to agree to several types of processing simply because your privacy notice only includes an option to agree or disagree to all. People may wish to consent to their information being used for one purpose but not another.’
‘Good practice would be to list the different purposes where you are relying on consent with individual unticked opt-in boxes for each or Yes/No buttons of equal size and prominence.’