The Information Commissioner's Office (ICO) said it was conducting a review of its existing privacy policies code of practice which was published in 2009 with a view to producing new guidelines next year.
"The ICO’s current privacy notices code of practice – gives good practice advice and explains how organisations can make sure their privacy notice is as informative and readable as possible, as well as highlighting the benefits that an effective privacy notice can provide," Steve Wood, head of policy delivery at the ICO, said in a blog. "Nevertheless, we believe the time is now right to undertake a review of our existing code."
"We’re keen to get the balance right between clear, general guidance and making sure the guidance works for new technologies – we’d therefore welcome your views on this aspect of the code," he added.
Wood said that businesses still have a "long way to go" to ensure that their privacy polices are fit-for-purpose. He said that too many online privacy notices were overly long, deterring internet users from reading them.
"Organisations are looking to analyse and use more and more personal data – transparency of that processing remains a vital tool in making sure that people continue to trust an organisation with their information," Wood said. "A clear and simple, but informative, privacy notice can be an effective way to demonstrate this transparency. This is important because providing genuine transparency lies at the heart of many emerging data protection issues – from the use of medical data for research to innovative uses of personal data in integrated internet services."
Earlier this year the ICO said too many companies were using privacy policies they publish "to protect themselves rather than inform the public" about the collection and use of personal data.
"In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products," an ICO spokesperson said in July.
Of the UK websites assessed, a common problem was that the privacy notices failed to clearly specify "how long personal data would be retained for or if it would be transferred internationally", the ICO said at the time.