GDPR Compliant, Readable Privacy Policies
Although the readability requirement has not been brought to the United States yet, the Facebook data privacy scandal has certainly brought the question of whether current privacy notices do an adequate job of informing consumers of the privacy practices of their organization. All businesses (operating in Europe or the United States) should be re-reviewing their privacy notices in light of what has happened since Cambridge Analytica.
Privacy policies were making a slow transition away from the legal disclosures of the past to more helpful guidance for users before GDPR and Facebook. These events are going to noticably accelerate the pace of change.
What does the GDPR require?
The General Data Protection Regulation in general requires statements about privacy to data subjects be:
– clear, plain language
– easily accessible
– transparent (the information necessary for consumers to make informed decisions)
Why is Facebook Relevant? Didn’t Cambridge Analytica involve Third-Party Data Sharing?
The Cambridge Analytica news opened the door to a wide-ranging inquiry into Facebook’s privacy practices. During the Congressional hearings into what happened at Facebook, many legislators questioned Mark Zuckerberg on the adequacy of their privacy disclosures and Senator Kennedy of Louisiana went so far as to say that it “sucks” and needs to be rewritten. The criticisms of Facebook’s privacy notice suggest that many businesses need to be rethinking and rewriting their disclosures.
Users have a wide range of backgrounds and knowledge, making a statement that is crisp and clear to one person completely incomprehensible to another.
The law requires multiple, nuanced disclosures that make it difficult to keep notices simple and concise.
It can be difficult to capture the privacy implications of complex and cutting edge technology, even to tech-savvy users.
Short and simple statements may not accurately convey the more nuanced application of the data usage in practice.
Clear and specific disclosures will become out of date quickly as technology and business practices change.
It is expensive to hire a lawyer to draft and redraft the disclosures to ensure accuracy and readability.
How does Clarip Help Businesses Comply with this GDPR Requirement?
The Clarip Privacy Notice for Humans (TM) adds a short form wrapper to create a layered privacy notice on top of the existing legal document. It provides information about data collection, usage and sharing in a simple, easy to understand format that can be quickly digested. Users that want more information have the option to continue on to the complete privacy notice via a html link.
Contact Clarip Today for Help with CCPA and GPDR
The Clarip team and data privacy software are prepared to help your organization improve its privacy practices. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If your challenge right now is CCPA compliance for your California operations, allow us to show you our CCPA software. From consent management software to offer the option to opt-out of the sale of personal data, to a powerful DSAR Portal to facilitate the right to access and delete, Clarip offers enterprise privacy management at an affordable price.
If you are preparing your European operations for GDPR compliance, we can help through our modular GDPR software. Whether you are looking to start the process with GDPR data mapping software, increase automation in your privacy program with DPIA software, or handle ePrivacy with a cookie consent manager, Clarip has the privacy platform that you need to bolster your program.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.