ICO publishes revised privacy notices code of practice for consultation
Published 3 March 2016
What does this cover?
The ICO have published a revised privacy notices code of practice (the Proposed Code) for consultation.
The current privacy notices code of practice (the Current Code) was created in 2010, meaning the revised code is very welcome in light of the speed of digital development in recent years. The Current Code does not include guidance on informing individuals about big data analytics or how to provide privacy notices on mobile phones or other devices where screen space is limited. The Proposed Code is designed to ensure that organisations meet the requirements of the current DPA and the new requirements of the GDPR.
The consultation period began at the beginning of February and will run until 24 March 2016. Feedback is requested on the Proposed Code as well as views on proposed resources and tools which are planned to sit alongside the Proposed Code. Tools include an online privacy notice generator; example notices for different online services and an online video.
There are a number of interesting concepts within the Proposed Code:
- It advocates companies using a "blended approach" to informing consumers about how they intend to use their personal data (i.e. combining different ways of providing privacy notices).
- It explores how consent can be obtained and appears to follow the more stringent requirements imposed by the GDPR.
- The importance of explaining uses of personal data which would be beyond an individual's reasonable expectations.
- It encourages the use of:
- "Just-in-time notices." which appear at the point when individual’s input personal data; and
- icons and symbols to alert an individual when data is being collected for a particular purpose.
The ICO plans to finalise the Proposed Code by mid-2016 with implementation within two years.
To view the ICO blog on the consultation plan to revise the Privacy Code, please click here.
To view the Consultation document 'Consultation: Privacy notices, transparency and control – a code of practice on communicating privacy information to individuals', please click here.
What action could be taken to manage risks that may arise from this development?
Organisations should review the ICO's Privacy Code and if they wish to participate in the consultation, they should do so by 24 March 2016 (the consultation end date). The consultation document can be accessed here.
Return to main page