Source · Select Committees · Culture, Media and Sport Committee
Recommendation 2
2
Acknowledged
Paragraph: 36
Introduce measures to standardise intuitive privacy interfaces for connected devices, empowering users.
Recommendation
The Government should introduce appropriate measures to standardise privacy interfaces for connected devices as a first step, which will help users learn how to control connected devices in their homes and exercise data rights. Privacy interfaces should be appropriately accessible, intuitive and flexible enough so users of a reasonable level of digital literacy and privacy expectations can use them, without requiring them to go through complex dashboards with long lists of terms and conditions and settings. Interfaces should also provide information on how devices are connecting to other devices and networks, to provide transparency about data flows.
Government Response Summary
The government partially accepts the recommendation, referencing existing GDPR requirements for privacy information. While not committing to standardising interfaces for connected devices, it will engage with interest groups in the coming months to explore options for simpler and more granular cookie preference choices using automated technologies.
Paragraph Reference:
36
Government Response
Acknowledged
HM Government
Acknowledged
We partially accept this recommendation. Articles 13 and 14 of the UK GDPR currently specify what organisations need to tell individuals when collecting and processing their personal data.There are some types of information that organisations must always provide, while the provision of other types of information depends on the particular circumstances 1 https://ico.org.uk/media/about-the-ico/documents/4023338/ico-future-tech-report-20221214.pdf 4 Connected tech: smart or sinister?: Government and Information Commissioner’s Office Response of the organisation, and how and why it uses people’s personal data. Article 12 of the UK GDPR sets out that the information provided by organisations should be in a concise, transparent, intelligible and easily accessible form, using clear and plain language, particularly when addressed to children. The ICO provides guidance for organisations on how to provide privacy information, for example at: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/ individual-rights/the-right-to-be-informed/how-should-we-draft-our-privacy- information/ engaging with connected technology. During debates on the Data Protection and Digital Information Bill, Ministers have made it clear that cookie consent banners, for example, do not work. Often the information presented to web users is too dense or opaque for web users to understand and people often “accept all” without fully understanding what they are signing up to. That is why the government will look more closely at how we can ensure that people are given simpler and more granular choices when setting their cookie preferences. As part of this work, the government will be engaging with a range of relevant interest groups, including tech experts, regulators, groups representing internet users, privacy rights groups, browser providers and online advertisers in the months ahead to explore the key opportunities and risks within each option for enabling people to select their cookie preferences using automated technologies.