CIPP/E Study Guide
IAPP Training · Module 6 - BoK III.C

Module 6 · Privacy notices and formats

A privacy notice (a.k.a. privacy statement / fair processing statement / privacy policy) describes how an organisation collects, uses, retains and discloses personal data. To make notices digestible, controllers use layered notices (WP29 endorses up to three layers), just-in-time notices (delivered at the point of collection), and standardised icons (Recital 60; the Commission may develop them under Recital 166).

A privacy notice describes how the organisation collects, uses, retains and discloses personal data. It goes by several names: privacy statement, fair processing statement, privacy policy.

  • Layered notices - WP29 endorses up to three layers; the top layer carries key elements plus links.
  • Just-in-time notices - delivered at the point of collection or use.
  • Standardised icons - Recital 60; the Commission may develop them (Recital 166).

Acquisition scenario

When R-Way Delivery is acquired by Global Haul and data usage will change, the right approach is to provide a privacy notice beforehand about the change.

Key terms - quick answers

What is “Privacy notice”?
A statement describing how an organisation collects, uses, retains and discloses personal data; also called a privacy statement, fair processing statement or privacy policy.
What are “Layered notices”?
A format that presents key elements up front with links to fuller detail; WP29 endorses up to three layers.
What are “Just-in-time notices”?
Notices delivered at the precise point of data collection or use.