By Gemma Farmer, Senior Policy Officer.
It’s been a little while since we talked about the ICO’s plans to introduce a brand new, consumer facing privacy seal for UK data controllers.
Since then we’ve continued beavering away behind the scenes, laying the legal and technical foundations and exploring how to best achieve the high level of consumer recognition that will be essential to the success of the privacy seal. Putting these in place is taking a little time, but once these foundations are ready, we will publish the final framework criteria and invite proposals from potential scheme operators who would like to run an ICO endorsed privacy seal scheme.
We know this work is eagerly anticipated, and it’s pleasing to see such strong levels of interest from potential scheme operators and from organisations across sectors who wish to display a seal.
How the ICO will work with scheme operators?
We have been working on establishing the legal structure for the relationship between the ICO and future scheme operators. This is new ground for the ICO, and there is no precedent for the arrangement that will need to exist with the scheme operators.
Our intention is to have a trademarked privacy seal logo, which we can then license to scheme operators. Each scheme operator – once accredited by the UK Accreditation Service (UKAS) – will then be able to allow organisations who meet the operator’s assessment criteria to display their seal on their products. Consumers will then be able to identify the organisations that are meeting the highest data protection standards.
What will the seal look like?
Having established the privacy seal logo will be at the centre of this work, we must now develop that logo. We have carried out some exploratory consumer research and early design work, which has reinforced the importance of making sure that the logo that represents the seal is unique, resonates with consumers and works for organisations who must be able to display it in a variety of environments.
We have now launched an invitation to tender for a marketing strategy and the creation of the logo to represent the privacy seal.
Once we have a final logo design, we’ll move to invite proposals from potential scheme operators. We hope to begin inviting proposals in early 2016.
The draft General Data Protection Regulation
While our work here in the UK continues, we are also keeping an eye on developments in Europe. You may remember that privacy seals were included in the draft EU data protection reforms, and remain part of the ongoing negotiations (which David Smith’s blog recently provided an update on).
It is difficult to speculate on how the final EU Regulation will look at this stage, but it’s fair to say that all the parties involved in the negotiations support ‘certification mechanisms’ consistent with our plans.
Based on the Commission’s current timetable, the ICO privacy seal should be up and running before that Regulation comes into force. This should give us – and the scheme operators – some flexibility to adapt our schemes to meet the provisions of the Regulation, if needed. And of course any new law will continue to place a general duty on the ICO to promote awareness and compliance, which the privacy seal will help to fulfil.
Sign up to receive our e-newsletter to keep up to date with future privacy seal developments.
Last updated 28/08/2015 15:15
|Gemma Farmer is a Senior Policy Officer in the ICO’s Policy Delivery department. Her team leads on the Privacy Seals project, research on the impact of the ICO’s civil monetary penalties and formal responses to any consultations on the Data Protection Act.|