Why have a privacy statement?
To protect internet shoppers and other website visitors, Dutch law requires anyone who gathers personal data on line to inform people before taking the data (Data Protection Act, Section 33). That requirement can be met by providing a privacy statement for the customer or visitor to read. The statement can be included in the organisation's terms and conditions, or it can take the form of a separate document. In the privacy statement, a website controller has to explain clearly what is going to happen to your personal data. Unfortunately, a lot of companies don't actually provide privacy statements. Either they don't know about the requirement, or they misinterpret it. A common mistake is not drawing the visitor's attention to the statement until after the personal data has been submitted.
Study of privacy statements in .nl
Last year, SIDN investigated the situation with privacy statements in the .nl zone. The study involved trawling through the entire zone. Using a 'crawler' and Chamber of Commerce data, we began by establishing how many .nl websites gathered personal data. We then counted the number of sites that had content that looked as if it could be some form of privacy statement. We took a broad view of what might be a privacy statement: we included terms and conditions documents, for example. We did not consider the quality of the content in question.
Most sites don't have privacy statements
Does your website comply with the Data Protection Act?