Contents

Privacy

Policy actions sorted A-Z.

Create a certification mark for transparency, privacy and security

Products that meet certain requirements of transparency, privacy and security are awarded a certification mark so that people know they can trust the product.

Examples

Commentary

Related policy actions: Certification, Choice and competition, Education and awareness, Markets, Privacy, Security

Link to this policy action

Give people the right to opt out of tracking

People are able to opt-out permanently of tracking, both digitally and physically, to prevent their activity being monitored by invasive service providers, such as advertisers.

Examples

Commentary

Related policy actions: Communications, Privacy, Redress, Regulation

Link to this policy action

Offer a privacy and security advisory service for companies providing digital services

A team or service exists to inform companies about best practices for digital security, consumer privacy and consent models.

Examples

Commentary

Related policy actions: Data protection, Education and awareness, Privacy, Security

Link to this policy action

Promote good security practices through a public campaign

Promote best practices, such as strong passwords and two-factor authentication, to improve public understanding of digital security.

Examples

Commentary

Related policy actions: Education and awareness, Privacy, Security

Link to this policy action

Provide for the right to be forgotten

Legislation that allows private individuals to request a data controller removes outdated or inaccurate information that might cause personal distress.

Examples

Commentary

Related policy actions: Personal data, Privacy, Regulation

Link to this policy action

Regulate Internet of Things devices

Regulators should be able to compel manufacturers to follow standards for privacy and security when designing Internet of Things (IoT) devices, in a similar way that regulators mandate that electrical safety standards are followed. This is important for consumers, because IoT devices collect so much data about a person and their surroundings and privacy considerations are poor at present.

Examples

Commentary

Definitions

Related policy actions: Infrastructure, Privacy, Regulation, Security

Link to this policy action

Regulate the processing of children's data

Digital services should be forced to be limit the way they use children’s data. This ensures children’s right to privacy is maintained when they may not be in a position to make their own consent decisions.

Examples

Commentary

Related policy actions: Data protection, Personal data, Privacy

Link to this policy action

Require the reporting of data breaches

Data controllers are compelled to publicly report data breaches so that the public know it has occurred and can take action where possible and to incentivise data controllers to maintain secure data handling practices.

Examples

Commentary

Definitions

Related policy actions: Data protection, Disclosure, Personal data, Privacy, Regulation, Security, Transparency

Link to this policy action

Right to consumer privacy

Data controllers handle and protect personal data that is generated through consumer transactions to protect the privacy of consumers.

Examples

Commentary

Related policy actions: Access, Data protection, Education and awareness, Personal data, Privacy, Redress, Regulation

Link to this policy action

Set and enforce data security standards

Government or industry bodies agree a set of standards for securing specific data and transaction types so that people can expect a minimum level of security.

Examples

Commentary

Related policy actions: Data protection, Personal data, Privacy, Security

Link to this policy action

Set punitive measures for data breaches

Laws and processes exist to prosecute data controllers in the event of a data breach. Punitive measures are intended to incentivise data controllers to better protect consumers data to avoid punishment.

Examples

Commentary

Related policy actions: Data protection, Personal data, Privacy, Regulation

Link to this policy action

Stipulate when services must encrypt data at rest

Set rules that require data to be encrypted when it’s stored by a data controller to mitigate the risks of a data breach.

Examples

Commentary

Related policy actions: Data protection, Privacy, Security

Link to this policy action

Stipulate when services must encrypt data in transit

Set rules that require data to be encrypted when sent across the internet to prevent it from being intercepted by an unauthorised third party.

Examples

Commentary

Related policy actions: Communications, Data protection, Privacy, Security

Link to this policy action