Survey finds: Website privacy notices are inadequate

A recent international survey found that privacy notices on most websites are too vague and generally inadequate, which means users are poorly informed about the security of their data.

The survey was conducted by 24 data protection authorities gathered in the Global Privacy Enforcement Network (GPEN) – the international network created to strengthen cooperation between privacy authorities.

The survey (“Sweep”) examined sites and applications in several sectors, including education, travel, retail, health, social media, gaming/gambling and banking. As websites and mobile applications have the potential to collect large amounts of personal data from various sources, it is important that users are fully informed about the way in which their data is collected, used and shared.

The GPEN came to the following conclusions:

  • Privacy communications across the various sectors tended to be vague, lacked specific detail and often contained generic clauses.
  • The majority of organisations failed to inform the user what would happen to their information once it had been provided.
  • Organisations were generally quite clear on what information they would collect from the user.
  • Organisations generally failed to specify with whom data would be shared.
  • Many organisations failed to refer to the security of the data collected and held – it was often unclear in which country data was stored or whether any safeguards were in place.
  • Just over half of the organisations examined made reference to how users could access the personal data held about them.

The review also found that some organisations still referred to outdated legislation and frameworks, while many of those providing services at an international level seemed to be unclear as to which legislation or jurisdiction was applicable. It was also noted that the retailers who issue e-receipts generally failed to provide any information about them on their website.

Preparing for the General Data Protection Regulation (GDPR)

The GDPR will take effect across the EU on 25 May 2018. Every organisation that collects, processes or shares EU residents’ personal data must comply with the Regulation.

For more information on how to comply, EU GDPR – A Pocket Guide is the perfect place to start.

Written by Alan Calder, the founder and executive chairman of IT Governance, this guide is the ideal resource for anyone who wants a clear primer on the principles of data protection and their obligations under the GDPR. It helps you understand the terms and definitions used in the Regulation, the key compliance requirements and how to meet them.
