Transparency Concepts Should Drive Privacy Practices and Operations
Transparency is the clear, unambiguous guidance a company provides to customers and users on how their personal data is used and processed. With transparency, users understand why and how their personal data is collected and processed. Users also receive clear and simple notice on how to opt out of data collection and sharing, and guidance on how to request data deletion. Article 12 of the GDPR details the requirements for transparency. It emphasizes that communications and notices should be in a “…concise, transparent, intelligible and easily accessible form, using clear and plain language…”. The individual or data subject must be able to readily understand communications for them to be ‘transparent’.
Public awareness of transparency has grown significantly as privacy incidents in which personal data was used without permission have come to light (Cambridge Analytica). And now, with GDPR, CCPA, Singapore PDPA, Brazilian LGPD, and other privacy regulations, transparency is required for regulatory compliance.
What are Examples of Transparency?
- Clear notification on how data will be processed.
- Simple and clear communications by the controller on privacy matters or incidents.
- Guidance on how long data will be retained.
- How to lodge complaints or request actions regarding personal data.
Here are additional resources for information on Transparency:
- CCPA, IAPP Article on Transparency
- GDPR text, see Articles 5, 12, 13, 14, 26, 40, 41, 42, 43, 53 and 88
- UK Information Commissioner’s Office, article on Lawfulness, fairness and transparency