The UK Information Commissioner is developing a series of Codes of Practice on various areas of data protection that often cause problems. The intention is to provide practical recommendations of good practice, rather than to discuss the minutiae of the law. To achieve this, the Codes are written in plain English, with plenty of illustrations of good and bad practice. The first Code, on Privacy Notices, was published in June.
I was recently invited to a meeting to discuss the next code, on Personal Information On-line. This is intended to help both those who provide on-line services and those who use them as individuals or outsourcers. A particular problem is that on-line services almost inevitably involve transfers of personal information between countries and therefore, even though all EC members share the same Data Protection Directive, have to cope with differences between national implementations and interpretations of the Directive. The aim of the Code is therefore to suggest pragmatic measures that can be taken to satisfy the principles of UK and EC law, which should also benefit individuals and services elsewhere on the Internet. A complete draft of the Code will be launched in December with a public consultation thereafter.
