
The privacy statement: do I really need to tell my users everything?!

In May 2014, Snapchat got a warning from the Federal Trade Commission (FTC) for not being transparent enough towards its users.

Snapchat is an app that enables users to send photo or video messages to each other that will only be shown for a maximum of 10 seconds. Apparently, these messages did not really disappear. For instance, it was possible to recover the messages with certain tools. The FTC also discovered that Snapchat was collecting a lot more personal data than stated in their privacy policy. On top of that, Snapchat was not honest about the security measures they were taking.

The FTC came to a settlement with Snapchat. From now on, Snapchat needs to be transparent towards its users. They must also implement an extensive privacy program. This privacy program will be inspected annually by the supervisory authority for the next 20 years.

So what are the dos and don’ts regarding collecting personal data?

For instance, you are not allowed to collect location data of your users without notifying them in advance.

So, as a controller of the data, you have the obligation to notify the people you collect data from. This duty will become even more strict once the European Data Protection Regulation is implemented.

What should be stated in a privacy policy? In short, it needs to explain what personal data is being collected and what for. The (current version of the) European Data Protection Regulation summarises what information the controller should give to the ones directly involved (the users):

– The identity and contact details of the controller (name, address of the company and the privacy officer);

– The purpose(s) of the data processing (for instance: “we collect your data in order to process your order and to be able to send the products to you”) and the security measures taken;

– The period of time the personal data will be saved for;

– The rights of the users: they have the right of inspection and correction of their data, but also the right to have data removed or the right to file a complaint at the supervisory authority;

– Information about the recipients of the data (all third parties);

– In case of profiling this needs to be reported as well.

Snapchat actually got away with it this time, since they did not receive a fine. All companies offering their services within the EU will risk a fine as soon as the European Data Protection Regulation is in force. This fine can be up to EUR 100.000.000,-, or 5% of the annual turnover.

Philip van der Weijde

Legal advisor
Philip works as legal advisor at ICTRecht and is part of the cloud team, which mainly focuses on cloud computing. Philip advises customers on drafting and reviewing various ICT contracts. In addition, he helps customers with negotiations about complex ICT contracts. In this, he guides both the purchaser and the supplier.
