ICO: Companies hiding behind privacy policies

Firms need to make privacy notices accessible and not pepper them with legal jargon, according to the ICO
Written by Tom Espiner, Contributor

The information commissioner has criticised businesses for using overly complex language in their privacy notices.

Some companies use legal jargon to hide, rather than to explain, what they intend to do with data collected from customers, according to the Information Commissioner's Office (ICO).

"The ICO believes that some existing privacy notices contain too much legal jargon and are written to protect organisations, rather than to inform the public about how their information will be used," the official UK privacy watchdog said in a statement on Monday.

While companies should not overstate the obvious, those requesting information from customers should make it simple to understand how that data will be handled, said the ICO.

"As more and more of our personal details are collected, we want to ensure that privacy notices provide clear, user-friendly information to the public about how their personal details will be used and what the consequences of this are likely to be," said Iain Bourne, ICO head of data-protection projects, in the statement.

The announcement accompanied the launch of an ICO consultation document entitled Privacy notices codes of practice. The document gives advice to businesses on drafting privacy policies.

In addition to outlining how data is handled, privacy notices could contain information about access rights or security arrangements, according to the ICO.

The draft privacy-notice code of practice will be under consultation until 3 April.

Once the code of practice is accepted, companies that breach the code will not necessarily be breaching the Data Protection Act, according to legal publication Out-Law.com.

The ICO had not responded to a request for comment at the time of writing.

Editorial standards