The ICO has conducted a review of 30 UK websites in the retail, banking and lending, and travel and finance price comparison sectors. The review found that data protection and privacy notices were inadequate. This was part of a global investigation by 24 data protection regulators.

The problems identified in the UK included:

  • 26 of the 30 organisations failed to specify how and where personal information would be stored or transferred
  • 26 organisations failed to adequately explain whether they share data with third parties and who that data would be shared with
  • 24 organisations failed to provide users with a clear means for deleting or removing their personal data
  • Seven organisations did not make it clear how a user could access the data held about them

Overall, the Global Privacy Enforcement Network (GPEN) concluded that organisations still referred to outdated legislation and frameworks and many of those providing services at international level seemed to be unclear as to which legislation or jurisdiction was applicable.