Privacy Notices – It’s Back To Basics (Without The Boilerplate)

Last Updated: August 15 2013

Article by Timothy Banks

Earlier this year, I reported that the Office of the Privacy Commissioner of Canada (OPC) was participating in the first ever Internet sweep by the Global Privacy Enforcement Network (GPEN).

The results are in. If you haven’t dusted off your privacy policy for a thorough clean-up, you should.

Yesterday, the OPC reported that, globally, the GPEN found that almost a quarter of the 2,276 mobile apps and websites examined did not have a privacy policy available. One third of the privacy policies that could be found raised concerns regarding the relevance of the information. In particular, policies:

  • used boilerplate language with brief over-generalized statements
  • failed to provide information customized to describe the organization’s practices
  • failed to take into account the relevant regulatory jurisdiction
  • directly quoted legislation rather than informing users

In addition, the OPC reported the initial results of its own examination of 300 websites. Among the findings were:

  • 1 in 10 failed to have a privacy policy or equivalent information
  • Of those with privacy policies, 1 in 10 buried them in other documents such as Terms and Conditions or had policies that were otherwise hard to find
  • 2 in 10 failed to provide a contact or made the contact information for the privacy officer difficult to find
  • 2 in 10 failed to provide relevant information – in some cases merely quoting the legislation or the Fair Information Practice Principles

Among the recommendations:

  • Draft uncluttered “user-centric” privacy notices
  • Make the policy comprehensive – covering online and offline activities
  • Explain directly the points of contact during which information will be collected
  • Explain what is collected and how it is used
  • Provide a detailed explanation of website personalization features and how to opt out
  • Provide a method of reporting privacy breaches

The OPC’s news release and related background information can be found here.

For more information, visit our Data Governance Law blog at www.datagovernancelaw.com
