Company signs formal undertaking
The points of concern highlighted in the undertaking, which is available on the ICO website, will be of interest to many, in particular online service providers and those who combine personal data obtained across a number of different products and/or services.
Key areas of concern/potential improvement which emerge are:
- data controllers must ensure that sufficient, easily accessible information is provided describing the ways in which, and purposes for which, users’ personal data is processed; practical examples can help to illustrate what this means for users in practice
- any processing which does not accord with users’ reasonable expectations should be brought to their attention
- where personal data is to be combined across products and services, this should be explained to users
- technical terms may need to be explained
- where data is collected from so-called “passive users”, i.e. those whose data is obtained not because they used the data controller’s services, but because they visit a website which does (in the case of Google, e.g. websites which use Google Analytics), information should be provided, and contracts with partners should ensure data collection is disclosed to users
- data policies should be documented internally
The ICO news story, together with the text of the undertaking signed by Google Inc., can be found on the ICO website here.