ICO study deems website privacy notices are too vague and inadequate
website data leaks

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

ICO study deems website privacy notices are too vague and inadequate

National statistics suggest that 87.9% of all adults in the U.K. use the internet. With some 45.9 million internet users, almost all Britons have access to the internet at work or for leisure.

Most of us carry a smartphone or an internet-connected device and are regularly checking the news, making purchases, watching videos, or logged in to social media. In one day, we may have visited over 20 sites, and the question is: how many of these take information about you and use it without your knowledge or consent? How many websites are truly safe?

The Information Commissioner’s Office set out to see whether websites across different sectors were doing enough to inform visitors about exactly what personal data they were extracting from peoples’ visits. A review of 30 U.K. websites was made, looking into a variety of sectors including:

  • Retail
  • Banking and lending
  • Travel
  • Finance price comparison sectors

Here are the ICO’s key findings:

  • 26 out of 30 didn’t specify how and where any collected personal information would be stored
  • 26 websites failed to give clear information on whether visitor’s personal information would be shared with third parties and what they would do with it
  • 24 websites didn’t give visitors information about removing, or the option to remove, their personal information from the site
  • Seven didn’t have clear information about how a visitor could access the data held about them (i.e through a Subject Access Request).

These findings clearly make for bad reading. As reflected by the number of data breaches constantly being reported, data protection is not being afforded the respect it deserves. Companies are not adequately fulfilling their data protection responsibilities in informing their website visitors of what happens to the information they gather through visitor clicks, searches and inputted information.

This study is part of a global investigation led by the ICO, with 23 other data protection regulators from around the globe also participating in it. They concluded that, “there is significant room for improvement in terms of specific details contained in privacy communications.”

The Global Privacy Enforcement Network (GPEN) also provided the following findings over 455 websites reviewed:

  • Privacy notices tended to be vague
  • On the plus side, most did tell users that it was going to take information from the user
  • Unfortunately, most organisations didn’t tell users what was going to happen to that data
  • Many didn’t specify if personal data would be shared with others and if so, what for
  • Many organisations didn’t offer any information about the security of the data it collected

A lot of websites still referred to outdated laws that no longer applied or had been updated. Bigger organisations that provided services to more than one country often didn’t say which jurisdiction’s laws were applicable.

Research Group Manager for our ICO, Adam Stevens, said:

“These findings suggest that people using those websites that we and our international partners examined are generally not very well informed about what happens to their data once it has been collected. That just won’t do. It is important that it is clear to people how they can control their information online.”

As the General Data Protection Regulation (GDPR) looms in the near future, organisations need to step-up on their cyber security measures and provide the public with relevant information about how it takes and works with consumer data. Consumers have a right to be informed so that they’re aware of how their personal data is used, and how they can maintain control over it.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon