Are there requirements for written privacy policies

By providing these two options the platform has essentially ensured that the consent obtained from the user was informed and proper and avoid the risk of being construed as a contract of adhesion.

Purpose of information collected The privacy policy needs to clearly specify the purpose of collection of the information.

An omnibus purpose which ambiguously refers to future commercial usage may not be favourably viewed by Indian courts, especially if the other elements of the privacy policy have not been met The information collected for a specified purpose cannot be retained for longer than it is required of the purposes Thus, once the personal information has been used in accordance with the identified purpose it should be destroyed by the data controller.

However the privacy policy should clearly specify the manner in which the personal information is intended to be used. Disclosure of information. The type of information collected must also be clearly informed to the information provider. Technological advancement is not equivalent to technological literacy. It is not audacious to assume that many of the internet users are still unaware of the perils of data divulge.

Therefore, it is vital that the information provider be informed about the nature of his personal information that is being collected. The data controller must also permit the providers of information, as and when requested by them, to review the information they had provided The other side of this aspect is that the data controller must also obtain prior permission if it intends to disclose the collected information to a third party 18 except with government agencies mandated under law.

Security practices. The Sensitive Information Rules 19 mandates every data controller to have comprehensively documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of the business.

This document is often confused by the business with their privacy policy which is not the case. Footnotes 1. Fostering such innovation and entrepreneurship is essential 4. See Rule 4 of the Sensitive Information Rules. See para of the judgement. See Rule 5 of the Sensitive Information Rules. See Rule 5 4 of the Sensitive Information Rules. See Rule 5 6 of the Sensitive Information Rules.

See Rule 6 of the Sensitive Information Rules. See Rule 8 of the Sensitive Information Rules. Summary to the documentary 'Democracy: Im Rausch der Daten' In re Kharak Singh , at page Suneeth Katarki. Ashi Bhat. Data Protection refers to the set of privacy laws, policies and procedures that aim to minimise intrusion into one's privacy caused by the collection, storage and dissemination of personal data.

Personal data generally refers to the information or data which relate to a person who can be identified from that information or data whether collected by any Government or any private organization or an agency. On 24 August , the Supreme Court of India in a historic judgement declared the right to privacy as a fundamental right protected under the Indian Constitution.

The very idea of privacy has seen been challenged by the widespread use of the internet. Privacy as such is very hard to enforce, as compared to pre-internet and social media times.

The recent news regarding Pegasus, which is a surveillance software developed by an Israel-based cyber security company, has sparked a lot of controversy. Unlike the European Union which adopted the Data Protection Directive in and has most recently passed the General Data Protection Regulation that is scheduled to become enforceable Sign Up for our free News Alerts - All the latest articles on your chosen topics condensed into a free bi-weekly email.

Register For News Alerts. Article Tags. Part 1 MZM Legal. NOV Securitisation Outlook and Key Tax Updates for More Webinars.

Alternative Investment Funds. Artificial Intelligence. Aviation Finance. Aviation Regulation. Mondaq Advice Centres. Arbitration, Litigation and Conciliation. More MACs. More filters. Your privacy statement must accurately reflect your site's data collection and use. Is the information personally identifiable? For example, does your site collect:. Is the data collection appropriate to the activity or transaction? If not, why do you collect it?

Campus policy prohibits sharing, redistributing, or selling personal information collected on webservers. The Fair Information Practice Principles of transparency and consent require that consent is obtained prior to collection. Additionally, users must be informed if their information is used for any purpose other than for which consent was given.

If your website does not collect analytics or other personal information, this sample Privacy Statement can be customized with revision dates, and contact information for use on your UC Berkeley website. If your website collects analytics or other personal information, this sample Privacy Statement can be customized for use on your UC Berkeley website. Skip to main content. The Campus Online Activity Policy states: "Technology service providers who collect data via website interfaces must adhere to the provisions of the Privacy Statement for UC Berkeley Websites and must post a privacy statement to notify users regarding the types and uses of data that is gathered.

You can read full policy generator features here or simply start generating your policy now. Documentation Home Documentation Search. Hide index. Table of Contents. Show index. What data is being collected? How is that data being collected? What is the Legal basis for the collection?