The GDPR and website / app privacy

The terms "website privacy" and "website data protection" are commonly used to refer to the UK and EU data protection laws and regulations which apply to the collection and use of personal information via websites. Generally, these are now encapsulated in the EU law known as the General Data Protection Regulation or “GDPR”.

Amongst their various data protection rights under the GDPR, individuals have the right to be informed about collection and use of their personal information.

As a starting point, you need a detailed website privacy notice or privacy policy which explains what kind of personal data you collect via your website or app, the legal basis for collecting it, how you use it, to whom you send it, how long you keep it, etc. The GDPR requires, amongst other things, that the privacy notice be “clear and transparent”.

In some cases – e.g. if you want to use contact details for email or other marketing – the GDPR dictates that you have to go further and get appropriate consent from web users at the point where you collect the data. This must be “unambiguous” and involve a clear “affirmative action”, i.e. “opt in”. Careful records must be kept and it has to be as easy to opt out as to opt in – relying on an unsubscribe option in a marketing email won’t do.

If you don't get the right consent, then amongst other things you can be sued by data subjects or be subject to regulatory enforcement action.

Another important aspect of internet data protection concerns the EU restrictions on transferring personal data outside the European Economic Area, known as the EEA (the EU plus Iceland, Liechtenstein and Norway). There are various ways round this including export to various countries recognised by the EU as providing an adequate level of data protection, transfer to US companies which have signed up to the “EU / US Privacy Shield” or transfer under contracts which contain certain provisions sanctioned by the EU. Your privacy policy must explain exactly what steps you are taking to protect personal information sent outside the EEA.

Amongst the other internet privacy issues which arise are the special steps which must be taken when one is collecting “special category data” (such as details of racial or ethnic origin or physical or mental health) or when acquiring any form of personal data from.

How Adlex Solicitors can assist with advice on web privacy and internet data protection ...

... for a free initial chat and more information, contact web lawyer Adam Taylor on +44 (0) 207 317 8404 or email.

Or email us your telephone number to request a callback