What are ‘privacy notices’?
Let’s go back to basics – what is a privacy notice and what is it for? A privacy notice is an explanation of how an organisation handles personal information and what rights an individual has in relation to that information. The idea is that each individual should know what an organisation does with his or her personal information. If that individual doesn’t like what he or she reads in an organisation’s privacy notice, then he or she can choose not to share personal information with that organisation.
The terms ‘privacy notice’ and ‘privacy policy’ are often used interchangeably, but technically, privacy notices are public-facing documents, whereas privacy policies are often internal documents that explain data processing responsibilities to employees to maintain GDPR compliance.
What is the purpose of privacy notices?
Almost every website has a link to a privacy notice. More often than not it is tucked away in the footer of a web page. It’s probably fair to say that very few people actually read them. However, data protection regulators and consumer protection bodies are very concerned about what is in such policies, where they are found and how they are brought to the attention of individuals.
Under the General Data Protection Regulation (GDPR), that scrutiny has increased, as has the number of things that must be included in such privacy notices.
The GDPR strengthened the rights of individuals. One element of the regulation requires privacy notices to include more information. Previously, regulators were frustrated with the number of vague, long and often complicated privacy notices, half hidden on websites, which did not inform individuals as they should. The GDPR aims to give individuals genuine choices in relation to how organisations process their personal information.
How has the GDPR changed organisations’ approach to privacy notices?
Due to the GDPR, organisations are now a lot more careful about what they put in privacy notices and where and when they display them. Individuals are also a lot more savvy about their rights and, in our experience, are much more likely to challenge organisations in relation to their policies and the manner in which they process personal information. As data protection specialists, we have extensive experience in overcoming these challenges.
Organisations are taking steps to ensure that privacy notices are true, concise, transparent, intelligible and easily accessible. In other words, they are not writing them in complex legal language and are making them easy to find. They are using what are called ‘just in time notices’, which tell an individual what the organisation is going to do with that individual’s personal information at the time the individual provides it.