The Information Commissioner’s Office has started a consultation into its code of practice guidelines on data privacy notices, in a move that could mean local authorities and public sector organisations having to change current privacy policies.
It would also mean changes to public sector websites in order to allow access from mobile devices.
In a blog post on the organisation’s website, ICO group manager for policy delivery Jo Pedder said the consultation would look at problems such as unclear data privacy notices that are “too long, overly legalistic, uninformative and unhelpful”.
“The code of practice has not been revised for several years which is a long time in the digital world,” she said. “The way personal data is used rapidly changes and the ICO has undertaken this review with that in mind.”
“Ensuring that individuals have a clear understanding of what is done with their personal data is a fundamental point of the Data Protection Act (DPA). This code of practice has been written to show organisations how they can achieve this in a clear and engaging way.”
She said there would be a further focus on producing privacy notices that are easier for individuals to engage with.
“Individuals see a lengthy privacy notice and are instantly put off. That is why the ICO is recommending a more blended approach,” she said.
“For example, a just in time message that appears to tell you why your email address is needed when you are filling out an online form will be more effective than having to click onto a separate privacy notice or search for this information.”
She added that people are spending more time on phones and tablets, which often means that privacy notices look smaller and need to be zoomed in on to be read. Many local authorities’ and public sector organisations’ websites are still geared more towards desktop computers, so they may need to be updated so that users can access them from other devices.
“To address this we are providing advice on how to make privacy notices on smartphones and tablets as easy to view as they should be on a personal computer or laptop,” said Pedder.
She said that the code would also look at consent and how data is shared with third parties.
“We have produced best practice standard wording for organisations to use when seeking consent for marketing, which we’ve tested with members of the public. We believe our recommended standard approach will ensure that individuals can indicate clear choice over who they would like to hear from and what products or services they are interested in,” said Pedder.
Pedder added that the code has been developed with the General Data Protection Regulation in mind, alongside the current DPA. “However, we intend to make precise and technical changes to the final text after we have received all of the feedback from the consultation,” she said.