Most corporate websites are designed to collect personal data about users in one form or another. This might include the user completing an online contact form with their personal details, or by the website deploying cookies automatically in order to collect information about the user's online browsing habits.
Data Protection is designed to protect people from the misuse or abuse of their personal information when technology is used.
Publishing your organisation’s website influences data protection in 3 ways:
- acquisition of personal data for subsequent use;
- publication of personal data; and
- the holding of personal data.
Where personal data from individuals is being acquired, published and held online as part of the organisation’s website operations, you must include a detailed Privacy (or Data Protection) Policy on the website which can be viewed easily.
Please also read our briefing on cookies.
Any claim under English law that a website infringes an individual's privacy is likely to be framed both as a breach of confidence claim and as a claim under the Data Protection Act 1998.
What is privacy?
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.
Privacy can mean many things from the right to be left alone to the right to have some control over how your personal or health information is properly collected, stored, used or released.
We often think about privacy in different ways, for example:
- physical privacy - such as bag searching, use of DNA
- information privacy – the way in which government agencies or organisations handle personal information such as age, address, physical or mental health records
- freedom from excessive surveillance – the right to go about our daily lives without being surveilled or have all our actions caught on camera.
(a) the identity of the organisation collecting the personal data
(b) how the personal data is collected (e.g. whether cookies are used on the website)
(c) whether or not the personal data will be stored
(d) what the organisation will use the personal data for (e.g. mail shots, e-mails etc)
(e) with whom the organisation intends to share the personal data (i.e. whether it intends to sell the personal data to other organisations), and if so, what those organisations will use the personal data.
(f) whether the personal data will be transferred out side the European Economic Area
(g) the identity and contract details of the organisation’s Data Protection Officer (whom the user may contact in the event of any queries)
Log in to your member account to unlock the premium content on this web page.