The term ‘Privacy Policy’ is most often used in an online environment to describe a document which explains to individuals how information about them is collected and used. It may also touch on the wider data protection policy of the organisation. It is important to note that ‘Privacy Policy’ is not a legal term (at least not in the UK) but a user friendly one. Data protection lawyers typically refer to the document which provides an individual with information about how information about them is used as a ‘privacy notice’. The requirements for what should be in such a notice are in articles 13 and 14 of the UK GDPR. Typically an organisation which operates mostly in a real world environment will have a number of privacy notices for different categories of individuals and separate data protection policy. Online, the term ‘privacy policy’ may refer to something which is designed to cover the requirements under articles 13 or14 or it may be more of a hybrid between ‘privacy notice’ and ‘data protection policy’.
Guidance produced by the Information Commissioner’s Office (ICO) does not refer to the term ‘privacy policy’. The term ‘privacy notice’ is normally used by the ICO both in guidance and in their own privacy notices. However, I have noticed that there is one exception; if you click on the link for the privacy notice template then it is, in fact, headed ‘Privacy Policy’. All the notes in it then use the term ‘privacy notice’. My conjecture is that the ICO takes the line that their guidance should use the term ‘privacy notice’ but that this heading on the template slipped through the net.
The overall conclusion is that the confusion around the term ‘privacy policy’ is ubiquitous. ‘Privacy policy’ may mean the same thing as ‘privacy notice’ but be aware that a ‘privacy policy’ may sometimes incorporate an element of data protection policy.
You might also be interested in::
- ICO Guidance on Special Category Data – 5 Points of Note The new ICO Guidance on Special Category Data was published on Thursday 14th November 2019....
- The Fall of the Privacy Shield – What next? The ICO and the EDPB have different approaches The decision of the European Court of Justice in Case C-311/18 – Data Protection Commissioner...
- EDPB adopts new Guidelines on Video Surveillance The European Data Protection Board has recently (29 January 2020) adopted its Guidelines on Video...
Share this
