Securiti PrivacyOps Named a Leader in The Forrester WaveTMDownload Now
Published on July 28, 2021 AUTHOR - Nigel Hawthorn - EMEA Privacy Team
Privacy notices need to be understood by your audience – especially if they are children – we recommend you have your notices in all languages your audience uses.
The Dutch Data Protection Authority has imposed a fine of €750,000 (US$883,000) on a social media company for not providing their privacy notice in Dutch. The Dutch Regulator considered having the privacy notice only in English was not understandable to the audience. As many social media users in The Netherlands are children, who are given additional protections under law, it was decided that it cannot be expected that they will understand a notice in English. This decision is consistent with the transparency principle of the GDPR that requires businesses to provide information to data subjects in a concise, intelligible, easily accessible, and understandable form.
Article 12(1) of the GDPR is relevant here that states:
“The controller shall take appropriate measures to provide any information referred to in Articles 13 (...) relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. (...)”
Three major principles can be derived from Article 12 of the GDPR, read with Articles 13 and 14:
Securiti recommends that you review your websites and apps and your target audience. If you offer services in different countries or web content in different languages, we recommend that your privacy notice is available in all languages you use and the official language of the countries of your audience.
More information on the fine and the PDF of the full decision are available here.
To review your responsibility country by country – read Securiti’s regularly updated “State of Global Consent Requirements” paper and heatmap.
In addition to considerations around language settings, privacy notices need to be always up to date. With rapid software updates becoming the norm, data processing activities are constantly changing and websites along with their cookies are constantly updated – this can lead to privacy violations. Securiti can help you create dynamic privacy notices that change as cookies, data stores and 3rd party data processors are changed, added or dropped or when DSAR portals or universal consent preference links are updated.
To learn more about how Securiti can help, request a demo.
A Comprehensive Platform
January 15, 2022
If there were any lingering doubts about how seriously Europe takes its users' privacy in 2022, they were put to rest this week. Google & Facebook have been fined a combined €210m (£176m) by the Commission Nationale de...
January 3, 2022
Explaining European Commissions’ GDPR Adequacy Decisions The European Union’s GDPR applies to organizations within and outside the EU where countries that aren’t a part of the EU are regarded as third countries. The GDPR restricts the transfer of...
PO Box 13039,
Coyote CA 95013