The European Data Protection Supervisor will provide support to the Commission.

In a recent development, the Hessian Data Protection Officer for Data and Freedom of Information (HBDI) released its 53rd Activity Report, which spotlights the ongoing issue of transparency in privacy notices in practice. The report, among other things, investigates the data protection declarations on a personnel recruitment agency's website, revealing various transparency deficiencies. However, this time, the focus is on Amazon, following a complaint about insufficient transparency in their privacy policy on the website.

Transparency is a fundamental data protection principle, as enshrined in Article 5(1)(a) GDPR. The controller, as per Article 12(1) Sentence 1 GDPR, is required to provide all data subject information in a concise, transparent, intelligible, and easily accessible form. This means that the clear structure of the processing, the purpose pursued, and the relevant legal basis should be presented in the privacy notices.

To achieve this, the HBDI offers several tips. For instance, the avoidance of using modal verbs is a tip for clear and concise privacy notices. Precise headings or umbrella terms should be used in the privacy notices for better understanding and organization. The use of a table of contents with a dropdown function or a privacy dashboard is often recommended for more transparency in website privacy declarations. Direct linking of privacy notices referred to is a practice that facilitates easier navigation and understanding of the privacy information.

Moreover, the use of these tools is dependent on the scope of data processing. These tools provide separate privacy notices tailored to the affected category at first glance, promoting transparency and structuring information. The table of contents or privacy dashboard makes it easier for data subjects to inform themselves about the data processing that affects them.

Linguistic adaptation and explanations tailored to the target audience are also important for clear and understandable privacy notices. Transparent privacy notices can serve as a positive showcase for a company, or, in the case of insufficient transparency, a significant weak point.

Articles 13 and 14 of GDPR outline the data information obligations that the controller must fulfill. Articles 15 to 22 and 34 of GDPR specify the communications that the controller must provide to the data subject regarding data processing. The HBDI's report highlights the omnipresent issue of these obligations not being met in practice.

In conclusion, the HBDI's 53rd Activity Report serves as a reminder of the importance of transparency in privacy notices. Companies like Amazon, as well as other controllers, are encouraged to review and improve their privacy policies to ensure compliance with GDPR and to provide clear, concise, and easily accessible information to their data subjects.