Jennifer submitted a response to the ICO (Information Commissioner Office) Personal Information Online Code of Practice consultation. She was particularly concerned with social networks and their abuse of consumer information.
E-victims submitted the following recommendations
- Social networks should proactively educate users on privacy and safety - not simply offer a section within the help area - which requires users to seek out the information.
- They should clearly explain to users what data is visible and who has access to data.
- Their sign-up process should take users through a step by step process that explains and helps them understand and set their privacy settings.
- Applications and websites should not be able to access a user's data just because a friend used that application; or at the very least there should be a universal opt-out that prevents all applications being able to access their data.
- Applications should only have access to the data they need to operate and no more.
- User data should not be shared in new ways or with new partners without gaining explicit user authorisation after explaining the data sharing model
- Third party applications should be from a data safe country and have proper data protection in place for the data being accessed. They should be vetted.
- Social networks should have a clear policy and technical explanation on how they will ensure that data is deleted properly.
- It should be mandatory that contractual or privacy changes should be announced to users. It should be in plain language and should explain the risks as well as the rewards.