Layered Notice


What

Privacy notices can be structured in layers, where each layer provides different information for a different audience and/or context. Compliance is achieved by the multi-layered structure taken as a whole.

The layers are staged, so a user can explore the notice in sequence rather than all at once.


Problem

Privacy notices tend to be overly long, complex, and legalistic, and in most cases they aim solely to fulfill the legal requirement of mandated disclosure instead of effectively informing individuals about the use of their data. Individuals neither want to nor are able to navigate them and make sense of them effectively.

Solution

Split the information across up to three layers: 1) a condensed notice that summarizes data practices to effectively inform data subjects, 2) a complete notice for legal compliance, and, if needed, 3) an additional just-in-time short notice that provides a single, specific piece of information in a mobile/IoT context. There must be a link to the complete notice on the second and third layer.

Goals:
Give relevant information to the relevant audience: summarized but necessary information to data subjects (e.g. about the type of data collected, the use, etc.), but also detailed and complete information for legal purposes (e.g. lawyers, data protection authorities, other businesses, etc.).


Constraints and Consequences

1) the information on the different layers must be carefully harmonised, especially when updates occur;

2) the condensed notice must not include only fair practices while unfair terms are buried in the long notice.


Legal References

Article 29 WP 2004.
ICO 2016.


Examples

Alice opens an account with an airline; before proceeding with the registration, she is shown a condensed notice that contains all relevant information about the collected data, the purposes of processing, her rights, and the identity of the controller. She can register for the service knowing exactly what will happen to her data and why.


Examples of applied uses:

[1] Iubenda privacy policy generator https://www.iubenda.com/en

[2] IBM https://www.ibm.com/privacy/us/en/

[3] Microsoft https://privacy.microsoft.com/en-us/privacystatement

[4] P&G https://www.pg.com/privacy/english/privacy_notice.shtml

[5] Walmart https://corporate.walmart.com/privacy-security/walmart-privacy-policy
