Member Article

Experts agree that good privacy begins with effective transparency. Transparency requires privacy notices that are easy to understand, facilitate comparison, and are actionable. A system of privacy notices also must be compliant with legal requirements that may be different from country to country, and jurisdiction to jurisdiction. Research on how people learn has helped us understand that easy-to read notices must be short, use plain language, and be in a common format. Complete notices tend to be longer and more complex. Attempting to capture both sets of requirements in one document is an impossible challenge. A growing number of privacy officials and experts agree that multilayered notices — a condensed notice that communicates all the key factors in a manner that is easy to understand and actionable, and a complete notice with all legal requirements — meets this transparency objective. Corporate and government sponsored research helps us understand that multilayered notices build both trust and compliance. The work of the European Article 29 Working Party gives us confidence that layering a privacy notice is legally complaint. This paper’s purpose is to assist privacy practioners at organizations of all sizes build effective multilayered privacy notices. After several years of testing and development, the international privacy community has begun to adopt a new platform for privacy notices. The platform — a multilayered privacy notice — makes it easy for consumers to understand information use and protection and compare companies’ privacy policies. The new platform also encourages compliance and makes it possible for organizations to use the same privacy notices worldwide. While there are still differences of opinion on notice content, we are at a point where organizations may feel comfortable in using the platform discussed in this ten-step guide to develop an easy-to-read-and-compare privacy notice, compliant with the emerging standard. The guide begins with background on multilayered notices and a discussion of why you should change your notice. It then provides the reader with ten steps that can be followed by organizations of all sizes when developing multilayered privacy notices. Finally, the guide provides the reader with resources available on the Internet for reference when developing a multilayered notice.

 

Link to article