Sites you visit, applications you use and services you take all have privacy policies – but what are they and why are they important, despite many people just check boxing them?
Privacy policies govern the collection, management and protection of data
Transparency and empowerment around the use of your data underpin the use of privacy policies in this data-driven age and should be taken seriously.
Sign up for a Google email account? They have a privacy policy on how they handle your data in providing you email services. Playing a new game? They will have a privacy policy specifying how they handle your personal data.
Privacy policies are a necessity whenever data is handled whether its customer names or addresses, personal information or sensitive data such as health or financial data. They provide the framework for how data is collected and managed and communicate this to the end-user. LaG has a privacy policy that covers how data from your comments or communications with us is handled and your rights in relation to it.
In data-driven ecosystems, this has ever-increasing importance. Following the Cambridge Analytica scandal how data is collected, why, where and when has come under intense scrutiny. As it should. Data profiling and mining provide ever-encroaching methods of using data for commercial and potentially invasive purposes.
All these practices and their justifications should be found in a robust privacy policy. Common questions such as which third parties your data is shared with should be answered. Fundamental rights, such as those under the GDPR, should be stated. This includes your rights, if you are governed by EU laws, to the removal, access or rectification of your data.
Further, opt-in and outs in providing data should be specified clearly. Having clear data retention and usage policies allows for data portability and the explanation of otherwise invasive services. Ever wondered why some apps in Apple Store or Google Play ask for permission to access your phone’s contacts or text messages? A privacy policy should specify exactly why this is the case.
If anything goes wrong a privacy policy will outline how you can make a complaint or raise a concern regarding the handling of your data.
So yes, you should read privacy policies. They are typically a few pages long at most. Focus on how your data is being used, why, where and how it is being stored and whether this is necessary.
Do I need a privacy policy?
If you are a content creator or business owner a privacy policy may well be necessary for your compliance with data protection laws and would be well advised in any event. Having one is a necessity, as informing users of why and how you handle their data is a basic requirement when requesting it. It can also help you map the data you are collecting and how best to get the commercial value out of it.
As a start check out the privacy policy we have here on LaG. It provides a good framework for UK based content creators to use, covering the main headlines.
There can be more sophisticated types of use- for example Football Manger uses the personal data of football players- think their names, likeness and injury data. This requires the permission of the players or clubs themselves. In this case usage of the data should be limited narrowly to what it is being processed for. Be sure to specify all your data uses.
I highly recommend you take further legal advice if you are making a privacy policy – you may have to cover types of data analytics, audience data management and appoint a Data Protection Officer.
For more details on what UK companies need to communicate to users about what data they collect and use see the ICO website.
lawandgames.com 