New rules around online data collection and privacy will emerge from a consultation process started by the Information Commissioner’s Office yesterday. The ICO has already posted its own draft code of practice setting out how organisations can adopt a “common sense” approach to protecting individuals’ privacy online.
In an indication of where the consultation might ultimately lead, the Personal Information Online code of practice draft says that an organisation “must be able to justify” collecting information that identifies an individual. It challenges companies to consider whether they can achieve the same aim without capturing personal data and to limit what is collected, for example by considering if date of birth is necessary when contact details alone might be enough.
The consultation period opened on 9th December and ends on 5th March 2010. During that time, any organisation can respond to the draft and make submissions. Key documents can be found at http://ico-consult.limehouse.co.uk/portal.
Introducing the code of practice at a conference in Manchester, Iain Bourne, Head of Data Protection Projects, said: “Collecting information about people in the proper way, including making them fully aware of what will happen to their personal information and how they can access it and keep it accurate, lies at the heart of good privacy protection. The draft code of practice explains a difficult area of the law and provides practical advice on a range of online privacy issues. It urges organisations to do more to explain what they do with the information they collect about people and to make sure they use it in line with individuals’ wishes.”
Responding to the ICO’s publication, Simon McDougall, head of privacy and data protection at Deloitte, says: “We need a common understanding of good practice in website privacy. Businesses perceive a dilemma between using unwieldy disclaimers, or accusations of lacking transparency. Users hear conflicting messages on features such as behavioural marketing and cookie usage and this discourages many from doing business online. A plain English ICO Code of Practice will help build trust and encourage privacy-aware innovation.”