Website privacy notices are too vague!
The Global Privacy Enforcement Network (GPEN) finds website privacy notices too vague and generally inadequate.
That is the conclusion of a recent international study by the GPEN, as reported by the Information Commissioner's Office (ICO).
The global study assessed the privacy notices, communications and practices of 455 worldwide websites and apps in sectors including retail, finance and banking, travel, social media, gaming, gambling, education and health.
The main failures identified are as follows:
- failure to state how and where information would be stored;
- failure to state whether they share data with third parties and who that data would be shared with;
- failure to provide users with a clear means for deleting or removing their personal data from the website;
- failure to make it clear how a user could access the data held about them; and
- failure to refer to updated legislation and frameworks, and, for many of those providing services at international level, failure to be clear as to which legislation or jurisdiction is applicable.
Notes:
- The GPEN was established in 2010 upon recommendation by the Organisation for Economic Co-operation and Development. Its aim is to foster cross-border co-operation among privacy regulators in an increasingly global market in which commerce and consumer activity rely on the seamless flow of personal information across borders.
- The ICO is a UK regulator that has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Privacy and Electronic Communications Regulations 2003. It can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.