'Most Innovative Startup 2020' by RSA - Watch the videoLearn More
Published on July 28, 2021 AUTHOR - Nigel Hawthorn - EMEA Privacy Team
Privacy notices need to be understood by your audience – especially if they are children – we recommend you have your notices in all languages your audience uses.
The Dutch Data Protection Authority has imposed a fine of €750,000 (US$883,000) on a social media company for not providing their privacy notice in Dutch. The Dutch Regulator considered having the privacy notice only in English was not understandable to the audience. As many social media users in The Netherlands are children, who are given additional protections under law, it was decided that it cannot be expected that they will understand a notice in English. This decision is consistent with the transparency principle of the GDPR that requires businesses to provide information to data subjects in a concise, intelligible, easily accessible, and understandable form.
Article 12(1) of the GDPR is relevant here that states:
“The controller shall take appropriate measures to provide any information referred to in Articles 13 (...) relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. (...)”
Three major principles can be derived from Article 12 of the GDPR, read with Articles 13 and 14:
Securiti recommends that you review your websites and apps and your target audience. If you offer services in different countries or web content in different languages, we recommend that your privacy notice is available in all languages you use and the official language of the countries of your audience.
More information on the fine and the PDF of the full decision are available here.
To review your responsibility country by country – read Securiti’s regularly updated “State of Global Consent Requirements” paper and heatmap.
In addition to considerations around language settings, privacy notices need to be always up to date. With rapid software updates becoming the norm, data processing activities are constantly changing and websites along with their cookies are constantly updated – this can lead to privacy violations. Securiti can help you create dynamic privacy notices that change as cookies, data stores and 3rd party data processors are changed, added or dropped or when DSAR portals or universal consent preference links are updated.
To learn more about how Securiti can help, request a demo.
A Comprehensive Platform