There are data protection laws that govern how a website operator can collect and use personal information. For example, the law says that individuals must be fully and properly informed about what personal information you are collecting and how it will be used. Failure to comply with these laws can lead to large fines or worse.
- the current legal requirements in relation to the use of personal information.
- how you intend to use any personal information collected (within the confines of the law, of course).
Information Commissioner’s Office
The regulator of data protection in England and Wales, the Information Commissioner’s Office (ICO), has given some guidance on privacy policies. In the past, the ICO has been quite critical of lengthy policies which do not adequately communicate how personal information will be collected or used.
Useful links to guidance offered by the ICO:
Personal information online code of practice: https://ico.org.uk/media/for-organisations/documents/1591/personal_information_online_cop.pdf
Privacy Notices code of practice: https://ico.org.uk/media/for-organisations/documents/1610/privacy_notices_cop.pdf
Privacy in mobile apps – Guidance for app developers: https://ico.org.uk/media/for-organisations/documents/1596/privacy-in-mobile-apps-dp-guidance.pdf