Out-Law News | 13 May 2013 | 2:56 pm | 1 min. read
The Information Commissioner's Office (ICO) said it is to assess the privacy policies published on 250 UK-based websites as part of an international 'privacy sweep'.
The watchdog said that it is "crucial" that organisations explain to consumers how they use their personal information.
"We'll be examining 250 sites based in the UK, looking closely to see how easy the policies are to read, and how clearly they explain how personal information is being handled," Ian Williams, the ICO's international team's lead policy officer, said in a blog.
"Privacy policies might not sound like the most interesting topic for such a study, but they're crucial in making sure consumers know how their personal information is being used. Too often we find organisations using the notices to protect themselves rather than inform the public, and there's no excuse for this," he added.
Williams said that the ICO is one of 19 data protection authorities involved in the 'privacy sweep' project, which is being co-ordinated by the Global Privacy Enforcement Network (GPEN). The results from the project are to be collated by the Office of Privacy Commissioner of Canada and will be outlined in a GPEN report, which is due to be published in the autumn. The report will give "a global overview of whether the privacy policies available are compliant" and "is expected to also identify websites where further action may be required to comply with relevant national and international laws", he said.
Williams said that firms' privacy policies should explain to consumers how their personal data is used in a clear, honest and easy-to-understand way. He said companies should avoid using a "confusing mixture" of opt-in and opt-out 'tick-boxes' when trying to obtain individuals' consent to the collection and processing of their data.
Privacy policies should be reviewed for the purposes of accuracy, updating and to ensure accessibility from "time to time", whilst it should also inform consumers what information they need to provide in order receive goods or services and what other information is purely optional to provide, he added.