ICO issues updated code of practice and checklist on privacy notices
The Information Commissioner’s Office’s new code of practice on privacy notices gives guidance on how to write a new privacy notice, how to develop an existing privacy notice, and how to evaluate an existing privacy notice. The code, published on 7 October, takes into account feedback from stakeholders and includes examples that show how the different approaches the ICO recommends can work in practice, including for mobile devices.
The ICO recommends using just-in-time notices, a layered approach and icons. The code has a short, separate section on the further requirements imposed by the EU Data Protection Regulation (GDPR), and includes a checklist for organisations. The EU is expected to develop standard icons as suggested by the GDPR. The ICO’s own privacy mark project is currently on hold.
The ICO explains that the code ‘also applies to situations where it may be less obvious that data is being collected, such as when people are observed by smart devices or when information is inferred from how an individual behaves online’.
The checklist is at https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/?template=pdf&patch=32#link8
The 35-page code is at https://ico.org.uk/media/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control-1-0.pdf
Read an exclusive interview with Elizabeth Denham, Information Commissioner, in the next issue of PL&B UK Report. To subscribe, go to www.privacylaws.com/publications
If you have a question which you would like PL&B UK Report to put to Elizabeth Denham, either with your organisation’s name or anonymously, please e-mail it by midday this Friday, 28th October, to Editor, firstname.lastname@example.org