In the latest SMP Snack, SMP eGaming Regulatory Compliance Manager Phil Knox returns for the final GDPR article to discuss the importance of transparency for affiliates with additional insight on how to be compliant.
Fundamentally, transparency is linked to fairness. Transparent processing is a key principle in GDPR and is about being clear, open and honest with individuals from the start about who you are, how you use personal data and what for.
Individuals have the right to be informed about how you collect and use their personal data. As a minimum, you, as a controller (covered in last week’s snack article), must make information such as who you are, the purposes for processing personal data, who it will be shared with, the security of that data and the rights the individual has under the GDPR, readily available. Typically, this information is presented by way of a privacy notice and should be provided at the time you collect personal data.
The Information Commissioner’s Office provides a useful checklist highlighting the core elements of a privacy notice.
Under the GDPR, privacy information must be concise, transparent, intelligible, easily accessible and use clear and plain language. So, what does that mean?
Concise & Transparent
Information must be presented succinctly to avoid information fatigue – users shouldn’t have to scroll through pages of text. This can be achieved through the use of a layered privacy notice or statement, so users can navigate to a particular point of interest with ease.
To ensure that information is intelligible, avoid the use of ambiguous language and technical terms – it needs to be understood by an average member of the intended audience.
At all times, privacy information should be easy to access and it should be immediately apparent where it can be found. On a website, a link to the privacy statement or notice should be clearly signposted and, on an app, it should never be more than ‘two taps away.’
Clear & plain language
Finally, try not to use words such as ‘may’, ‘might’, and ‘possible’ and strive to use the active voice rather than the passive. A privacy notice should never be misinterpreted.
It is your responsibility to take an active approach when it comes to transparency. You must regularly review and, where necessary, update your privacy information. When you make amendments, be sure to communicate these changes ‘in a way that ensures most recipients will actually notice them’, for instance through a direct email detailing the changes.
Being transparent can help you to comply with other aspects of GDPR and build trust with individuals, whereas getting it wrong can lead to a damaged reputation or worse. Keep an eye out for next week’s article where we’ll cover how to design an effective advertising compliance policy.