EDITORIAL: Barely a day goes by without Google or Microsoft or some other company with vast vaults of our personal data tweaking its privacy policy.
These are companies with so much personal information about us that they see into the darkest reaches of our souls more clearly than Sigmund Freud channelled by Mystic Meg. They are peopled by zealous superbrains who doodle weather system algorithms while chatting to granny on the phone, yet even they can’t decide on the right way to handle our personal data.
This confusion is no surprise if they try to do the right thing and take the advice of the Information Commissioner’s Office (ICO). The office is striking increasingly confident, even bullish, notes on personal privacy, surveillance societies and our informational rights. Yet it cannot even produce coherent guidance about what companies are supposed to do.
If you collect personal information online the single most important thing you need to know is: what do I tell the punter when I take his details? Let’s turn to the ICO. Its guidance is clear: a link to a privacy policy is not enough, companies must give far more information at the point of data collection.
Crystal clear advice, delivered in 2001 by the then Commissioner, Elizabeth France. Hang on, though: four years later the current Commissioner, Richard Thomas, said that the best policy was a ‘layered notice’ like on Microsoft’s MSN UK. The first layer of its notice? A link to a privacy policy.
Have you read these related articles?
Newsletter:
