March 7, 2021

Volume XI, Number 66

Advertisement

March 05, 2021

Subscribe to Latest Legal News and Analysis

March 04, 2021

Subscribe to Latest Legal News and Analysis

The UK’s Data Protection Regulator to Introduce “Privacy Seals” for Businesses

The UK’s Information Commissioner’s Office (ICO) has announced that it is looking to introduce a system of “privacy seals” for organizations doing business in the UK.  The seal is intended to be a consumer-facing stamp of approval demonstrating that a particular organization is meeting or surpassing the compliance requirements of the UK’s Data Protection Act.  The ICO expects that this will provide numerous benefits, both for companies, who could gain an advantage over competitors, and for customers, who should feel confident entrusting their personal information to companies displaying the seal.  It is hoped that the privacy seal will incentivize good data protection practices across UK businesses.

The privacy seals themselves will be delivered by third party operators who are endorsed by and work with the ICO.  It is expected that different operators will focus on different sectors, meaning that accreditation schemes can be tailored to particular industries.  For example, an operator handling the privacy seals for mobile app companies may be different to the operator assigned to healthcare service providers.  A privacy seal will only be awarded to an organization once they have demonstrated that they meet the relevant data protection standards.

The ICO plans for the privacy seal to remain active for a period of four years, after which the organization must apply to be re-certified.  The seal can also be withdrawn if the organization fails to maintain the standards expected from the program.  The ICO is confident that the privacy seal program has the support of legislators and is responding to consumer demand for higher data protection standards.

It is anticipated that privacy seals will come into effect in 2016.  A consultation run by the ICO in 2014 raises some important questions from stakeholders regarding the operation of the scheme.  One particular concern is whether privacy seals should be implemented in the UK prior to the entry into force of the EU-wide General Data Protection Regulation, still under negotiation in Europe.  The ICO maintains that it should, in part because it views the privacy seal mechanism as an opportunity to build the ICO’s expertise in this area in preparation for future compliance with the Regulation.

Privacy certification schemes already exist in Europe, such as the European Privacy Seal (EuroPriSe), which provides certifications for IT-based products and services throughout the EU, and the French data protection authority’s “Label CNIL” privacy certification scheme.  These various mechanisms are likely to be harmonized across all EU Member States once the General Data Protection Regulation comes into force.  Covington will continue to track developments in this space.

This post was written with contributions from Fredericka Argent.

Advertisement
© 2020 Covington & Burling LLPNational Law Review, Volume V, Number 30
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Repeatedly ranked as having one of the best privacy practices in the world, Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry, and of e-commerce and digital media business models in particular.  Our practice provides exceptional coverage of all of the substantive areas of privacy, including IT/technology, data security, financial privacy, health privacy, employment privacy, litigation and transactions.  One of our core strengths is the ability to advise clients on relevant privacy and data security rules worldwide,...

202-662-6000
Advertisement
Advertisement