Sunday, October 1, 2017

Transparency in the GDPR is Intended to be User-Centric

The Centre for Information Policy Leadership GDPR Implementation Project issued a report on May 19 titled, "Recommendations for Implementing Transparency, Consent and Legitimate Interest Under GDPR". The opening paragraphs, section 1.1, makes direct reference to User-Centric Transparency;

"The GDPR recognizes transparency as a core principle of data protection. Transparency is related to the fair processing principle. Processing can be fair only if it takes place in a transparent manner."

"However, transparency can serve its purpose only if it is meaningful. There currently is a growing gap between legal transparency and user-centric transparency. Concise and intelligible privacy notices focusing on truly informing users by providing meaningful information are at the center of usercentric transparency."

"Transparency in the GDPR is intended to be user-centric. It should be an effective instrument for the empowerment of the individual, one of the main objectives of the GDPR. This is why CIPL’s recommendations focus on user-centric transparency. Transparency should be context-specific, flexible, dynamic and adaptable to constantly evolving and changing uses to provide clear and understandable information to individuals and to enable a genuine choice where it is possible about the use of their personal data. However, even where consent is not available, transparency is still necessary to provide relevant information about the processing activities, how the organisation has mitigated the risks, the rights of individuals and any other relevant information demonstrating that  the organisation is fully accountable for its processing activities."

No comments:

Post a Comment