Out-Law News 2 min. read
03 Feb 2016, 6:11 pm
In its draft new privacy notices code of practice, the Information Commissioner's Office (ICO) advocates that companies use a "blended approach" to informing consumers about how they intend to use their personal data.
The ICO said that to meet obligations set out under data protection laws on the fair processing of personal data businesses should only use data "in a way that people would reasonably expect" and after thinking about the impact such data use would have on those individuals. In addition, businesses must ensure "people know how their information will be used".
The draft new code provides guidance to businesses on a range of other issues, including on obtaining customer consent to the processing of their data. It also addresses offers recommendations to companies that engage with consumers using mobile devices on how to overcome screen size limitations to provide detail to those consumers of their planned data collection and processing activities.
"The use of video or just in time notices to convey privacy information is particularly suitable for smaller devices as the size and length of text will not be an issue," the ICO's draft code said. "You are unlikely to be able to convey all the necessary detail in a video but following a layered approach, individuals can be directed to more detailed information as appropriate. Keeping the video short and to the point will also avoid any issues individuals may have with data usage if Wi-Fi isn’t available."
"You can use the functionality of a device, for example using voice alerts on a smart phone (or on-screen notifications once the phone is set to silent), to provide information essentially like a just-in-time notice," it said. "However, you must consider how you can prevent the phone or mobile app giving someone constant alerts regarding their information. This is where a link to a dashboard or information management tool may be helpful, or a prompt to review your settings on your smartphone."
The ICO's consultation on its draft new code closes on 24 March. It said it had developed the code "with compliance with the GDPR in mind, as well as with the law as it stands today (the Data Protection Act 1998)".
"More precise and technical changes will be required once the final text is published and we intend do this following this consultation process," it said.
Last year, in anticipation of the ICO's revised privacy notices code of practice being published, technology law expert Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said the new code should seek to help businesses address the challenges of engaging consumers digitally on issues relevant to their privacy.
"Businesses need to be encouraged to select smaller snippets of information about privacy and data protection and bring this information to consumers' attention first," Scanlon said. "They need to embrace innovative new ways of presenting information which reflect digital trends and the continual growing use of mobile devices."