Review of UK ICO Privacy Notices Code of Practice
Time 2 Minute Read
Categories: European Union, International

In its October 2013 e-newsletter, the UK Information Commissioner’s Office (“ICO”) announced that it is reviewing its Privacy Notices Code of Practice (the “Code”) to assess whether it should be updated. The Code, last updated in December 2010 and issued under Section 51 of the UK Data Protection Act 1998 (the “DPA”), is designed to assist organizations “to collect and use information appropriately by drafting clear and genuinely informative privacy notices.”

The ICO is seeking feedback on the Code and suggestions on how it may be improved. It currently provides an overview of the notice requirements under the DPA, emphasizing that a privacy notice should, at a minimum, provide notice of:

  • the organization collecting the data;
  • what the organization will do with the data; and
  • with whom the data it will be shared.

A privacy notice may provide additional information; the key is that “its primary purpose is to make sure that information is collected and used fairly.” The Code also provides guidance on when privacy notices must be actively communicated (i.e., sent by letter or email or included in a telephone script) and when they simply may be made available (e.g., through a link on a website which members of the public can access). The Code also addresses the sharing and selling of personal information and explains how to provide notice in practice.

All comments on the Code should be sent to the ICO by November 22, 2013, by email to newsletter@ico.org.uk.

Tags: Christopher Graham, Data Protection Act, Information Commissioners Office, United Kingdom
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
UK Regulators Issue Joint Statement on Age Assurance for Online Services

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
UK ICO Launches Consultation on New Guidance on Research, Archiving and Statistics Provisions

On February 27, 2026, the UK ICO announced a public consultation on proposed updates to its guidance concerning research, archiving and statistics to reflect the changes introduced by the Data (Use and Access) Act 2025.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Privacy

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page