WELCOME TO CHARLES RUSSELL SPEECHLYS.
We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
Otherwise, we'll assume you are OK to continue. Please close this message
A number of recent activities by regulators in Australia, the United States of America, Canada, EU and the UK demonstrate the need for website terms and privacy policies to not only 'say what you do' but more importantly 'do what you say'!
A number of lessons can be learned from the regulators increased interest in compliance standards on websites namely:
During 2013 the Office of the Australian Information Commissioner released the results of a 'privacy sweep' of approximately 50 websites as to their compliance with accessibility, readability and content in terms of their Privacy Policies.
This 'privacy sweep' was part of a global initiative with regulators from the EU and Canada and in general the results were that many Privacy Policies were ambiguous, written in confusing language and in some cases describe privacy practices that did not specially relate to the nature of the website business nor indeed the data collection activities.
An EU wide screening in 2013 of 330 websites selling digital content (such as books, music, films, videos and computer games) across the European Economic Area revealed some significant non-compliance.
The European Commission 'sweep' was intended to assess whether:
Of the 330 websites, 172 were found to be non-compliant and the consequence were contacted by the European Commission with a view to ensuring that compliance was put in place.
The typical areas of non-compliance were:
In 2013 the UK Office of Fair Trading carried out an investigation into how online businesses used consumer information to influence online activity and highlighted that transparency and the ability for consumers to opt out of the collection of information is "crucial to developing and maintaining trust in online markets".
Since May 2012 the UK Information Commissioner's Office has promoted a reporting system to enable consumers to report the way in which websites did or did not post transparent cookie information in Privacy Policies and has published names of websites that have been under review.
Finally, the Federal Trade Commission (FTC) in the United States of America has just settled with 12 companies falsely claiming to comply with the international Safe Harbor privacy framework.
The investigation by the FTC followed complaints that websites of a number of businesses in the retail, accountancy, professional sports and technology sectors were deceptively claiming that they held current certifications under the US - EU Safe Harbor framework and/or under the US - Swiss Safe Harbor framework.
In a number of cases the websites concerned were claiming in their privacy policies that they were in compliance with Safe Harbor and were using the Safe Harbor logo at times when their Safe Harbor certifications had lapsed. It appears that all in cases the misrepresentations made by these businesses were as a result of poor administration.
For more information please contact Robert Bond, Partner
T: +44 (0)20 7427 6660