On this page you will find details of the ICO's current public consultations and how to submit your comments to us. Please note: the contact details here should not be used for submitting general enquiries or complaints. Please use our online contact form.
Personal information online: code of practice
People rely on the internet more and more to manage their personal affairs, to obtain the goods and services they need, and for social engagement. These activities all involve the collection of information about individuals, and inevitably data protection compliance issues arise.
The Information Commissioner’s guidance in this area is sparse in relation to the volume of complaints, enquiries and requests for guidance we receive.
We therefore intend to produce a code of practice to help those collecting information about people through websites to comply with the law and to adopt good practice. The code will provide comprehensive, accessible guidance on the following broad areas:
-
Operating a privacy-friendly website
-
Rights and protections for individuals
-
Privacy choices and default settings
-
Cyberspace and territoriality
We intend to publish the code in May 2010, following a public consultation exercise.
We are keen to work closely with interested organisations and individuals in drafting the code. If you would like to be involved in this project, for example by commenting on draft content or attending discussion meetings, please email shona.ritchie@ico.gsi.gov.uk by Friday 19 June. Any offers to host discussion meetings would be particularly welcome.
Responses to the Commissioner’s consultation on the revised CCTV code of practice
In August 2007, we released a draft of our revised CCTV code of practice for public consultation. 45 written responses were received, as well as comments by telephone and at face-to-face consultation events.
Responses came from a wide range of sectors, with the CCTV industry, CCTV users, law enforcement bodies and the criminal justice sector particularly well-represented. The responses were however weighted towards larger organisations and those who were already using the Commissioner’s previous CCTV code; there were no responses from small business users of CCTV. Civil liberties groups were also very under-represented. We took these factors into account when acting on the comments received.
Why and how was the code revised?
The Information Commissioner first published a CCTV code of practice in 2000. Since then there have been significant changes in technology, the application of CCTV, and the legal context. There is also widespread concern about the ‘surveillance society’, and questions have been raised about the effectiveness of CCTV.
In light of this, we felt it was time to reiterate the importance of a systematic approach. The new code emphasises the need to assess carefully whether video surveillance is justified, and to consider the necessary technical requirements.
We also wanted to make it clear that the Data Protection Act 1998 (DPA) is based on principles rather than detailed regulation. The code is therefore phrased as a series of questions and considerations.
Outcomes of the consultation
Respondents overwhelmingly agreed that the Commissioner’s code of practice is an essential tool and that the revised code was easy to read and understand. Nevertheless, many users still felt confused and intimidated by the DPA and there were numerous misconceptions about the law. There was therefore a strong appetite for the code to be detailed and provide clear recommendations.
We did not feel it would be appropriate to be over-detailed or prescriptive, as the law requires CCTV users to exercise their own judgement. We also wanted to make the code more accessible to small business users, and for this reason some suggestions which were only appropriate to large organisations had to be discounted.
However, the consultation was extremely valuable in highlighting ambiguities and sections which would benefit from more explanation. In particular, it was felt that the draft code did not make it clear whether a particular system was likely to be covered by the Act. The final version of the code clearly states that nearly all uses of CCTV by businesses and organisations will be covered, but that private domestic CCTV is always exempt.
Concern was expressed about retention periods, with most respondents feeling that the examples given appeared too restrictive. However, this disagreement was largely resolved once the legal position was stated more clearly. The final version of the code reiterates that CCTV users are responsible for setting their own retention periods, but also makes it clear that retention periods should not be applied in a blanket fashion where this would undermine rather than support the purpose of crime prevention and prosecution.
The draft code took a strong line against recording and listening in to conversations between members of the public, which came as a surprise to several respondents. Recent research has shown that a large majority of the public opposes this development, and so the basic line against monitoring conversations has not been changed in the final version of the code. Nevertheless, we have made it clear that there are some very specific circumstances where audio monitoring could be justified, subject to sufficient safeguards.