Privacy Legislation

Privacy legislation

Make sure you have a privacy clause on your website

  • It’s best practice to have this a separate mention
  • Identity data processor (Who is processing the data. This could be outtasked)
  • What’s the data used for ?
  • Allow use for direct marketing (checkbox)
  • Pass on data to third party (checkbox)
  • Data change procedure


A suggestion for phrazing this

(replace the [] with your implementation description for this process)


[Business] cares for your privacy. Although most information on this site is made available without requiring personal data, it is possible the user will be requested to provide personal data. This information will only be use in the context of [e.g. customer care, direct marketing,...]. The user can, without any cost, and at his request object against the use for direct marketing. [Describe procedure: mail to, written to, checkbox website,...] Your personal data will not be passed on to third parties. [describe the process to identify, consult and/or modify the data. E.g. online customer profile, mail procedure, etc...]



[Company] hecht belang aan uw privacy. Hoewel de meeste informatie op deze site beschikbaar is zonder dat er persoonlijke gegevens moeten worden verstrekt, is het mogelijk dat de gebruiker om persoonlijke informatie wordt gevraagd. Deze informatie zal enkel worden gebruikt in het kader van […bvb. klantenbeheer/direct marketing]. De gebruiker kan zich kosteloos en op verzoek, steeds verzetten tegen het gebruik van zijn gegevens voor direct marketing. [Beschrijf de procedure: mail sturen naar, schriftelijk naar, vakje afvinken op website bij profiel,...] Uw persoonsgegevens worden niet doorgegeven aan derden. De gebruiker beschikt over een wettelijk recht op inzage en eventuele correctie van zijn persoonsgegevens. [beschrijving van de procedure om uw te identificeren & de data in te zien/te wijzigen – b.v.b. online profiel]

New EU privacy rulings

Above privacy regulations are a mix of EU and local legislation. A data-privacy-protection proposal passed by a European Union Parliament committee could severely restrict how companies that collect consumer data can use it and share it. If agreed upon by individual EU countries -- a potentially lengthy process -- the legislation would replace a mishmash of privacy rules and give people more control over their personal data.

This proposal is a response to the mass surveillance activities unveiled by the media in June 2013 – e.g. NSA

If all goes well, this should result in new EU legislation becoming active by mid 2014.


This legislation will provide people with more control over their personal data:

  • Tight restrictions on how companies can use personal data
  • Right to demand that the personal information be purged + auto  forward of this purge request to others where data are replicated (in case the original company having collected the data had passed them on)
  • Individual consent required for profiling ! (heavey counter lobby from Facebook, Google...)

Cross (EU)-border block

  • Require companies (search engines, social sites) to get approval from the EU's national data protection authority before divulging personal data to a third country. (NSA scandal...)
  • Notify people affected of the data transfer.

Stiff penalties on violators (really heavy fines - which will damage companies not respecting the rules).

Expected effective date: Before EU election may 2014.