The European Data Protection Supervisor will provide assistance to the Commission.
In a recent report, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) has highlighted the omnipresence of transparency issues in data protection notices in practice. The report, presented in the 53rd Activity Report of the HBDI, focuses on the transparency of data protection notices on a personnel recruitment agency's website following a complaint.
The General Data Protection Regulation (GDPR) requires controllers to provide data subjects with all necessary information regarding data processing in a clear and accessible manner (Article 12(1) sentence 1 GDPR). Transparency is a data protection principle enshrined in Article 5(1)(a) GDPR, and it is crucial for ensuring that personal data is processed lawfully, in good faith, and in a manner that is traceable for the data subject.
To enhance transparency, the HBDI recommends using the terminology of the GDPR, avoiding the use of modal verbs, and providing a clear structure for the processing, the purpose pursued, and the relevant legal basis. Linguistic adaptation and explanations depending on the target group are also recommended.
The current recommendation of the Hessian Data Protection and Freedom of Information Officer is that website privacy notices must comply strictly with Art. 12 GDPR by providing all required information in a precise, transparent, understandable, and easily accessible manner using clear and simple language. This ensures legal compliance and meaningful user transparency.
Various deficiencies in the area of transparency were identified during the investigation of the data protection declarations on the personnel recruitment agency's website. To remedy these deficiencies, the HBDI provides tips using examples. The use of a table of contents with a dropdown function or a data protection dashboard is recommended for increased transparency and structured information on websites.
Additionally, the HBDI suggests thematic separation by using headings / multi-level approach and direct linking of data protection notices referred to. Uniform use of terminology, such as "data processing" as an umbrella term, is also advised for transparency in data protection notices.
The HBDI's report also suggests that these tools provide separate data protection notices for different categories of data subjects at first glance, based on the scope of data processing. This approach not only increases transparency but also makes it easier for data subjects to inform themselves about the data processing that affects them.
In conclusion, the HBDI's report underscores the importance of transparency in data protection notices and provides practical tips for controllers to ensure compliance with the GDPR and enhance user transparency.
Read also:
- Impact of Alcohol on the Human Body: Nine Aspects of Health Alteration Due to Alcohol Consumption
- Understanding the Concept of Obesity
- Microbiome's Impact on Emotional States, Judgement, and Mental Health Conditions
- Criticisms levelled by a patient advocate towards MPK's judgement on PCR testing procedures
