The text below is indicative of many www sites we are asked to review, and
the question remains unanswered as to whether this is legal (acceptable)
practice. The number of times we see it occurring versus the number of
prosecutions might suggest that it is acceptable practice!
" we may amend this policy from time to time, at our discretion. If we make
any substantial changes in the way we use your personal information we will
notify you by posting the changes here on these Privacy Policy pages. If you
have more questions or comments, please send your feedback ..."
The obvious conflict is in the 'assumption of consent without response' - If
the data controller were to make any 'substantial changes', surely this
would require consent i.e. a positive action on behalf of the data subject?
I have noticed my bank doing similar things (via post) with changes to terms
and conditions (usually related to transfers outside of the EEA).
Any views?
Duncan Smith
Managing Director
iCompli Limited Northampton UK
t: 08707 70 48 66 f: 08707 70 48 69 m: 07775 56 81 80
Mailto:[log in to unmask] Web: www.icompli.co.uk
<http://www.icompli.co.uk/>
"Compliance in your language"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|