ICO Personal Information Online Code of Practice Consultation

Jennifer submitted a response to the ICO (Information Commissioner Office) Personal Information Online Code of Practice consultation. She was particularly concerned with social networks and their abuse of consumer information.

E-victims submitted the following recommendations

  • Social networks should proactively educate users on privacy and safety - not simply offer a section within the help area - which requires users to seek out the information.
  • They should clearly explain to users what data is visible and who has access to data.
  • Their sign-up process should take users through a step by step process that explains and helps them understand and set their privacy settings.
  •  Applications and websites should not be able to access a user's data just because a friend used that application; or at the very least there should be a universal opt-out that prevents all applications being able to access their data.
  • Applications should only have access to the data they need to operate and no more.
  • User data should not be shared in new ways or with new partners without gaining explicit user authorisation after explaining the data sharing model
  • Third party applications should be from a data safe country and have proper data protection in place for the data being accessed. They should be vetted.
  • Social networks should have a clear policy and technical explanation on how they will ensure that data is deleted properly.
  • It should be mandatory that contractual or privacy changes should be announced to users. It should be in plain language and should explain the risks as well as the rewards. 
  • The privacy policy should be written in plain, accessible language.

Read Jennifer's full submission

Read the ICO's Consultation Summary

Cyber stalker crackdown 'thwarted' by service providers

NFA- Action Fraud