Several pieces of legislation specify mandatory content for websites. The E-Commerce Regulations 2002 is a key one, Privacy and Electronic Communications 2003 (as amended) better known as PECR is another. In addition, company status disclosure rules apply to both websites and email communication meaning that limited companies must provide registration details on both.
Since 2011 the Advertising Standards Authority has had responsibility for policing the content of marketing messages and advertisements on websites under the same regulations as adverts that appear in newspapers and posters, email, text and post.
We find that it is easy for website owners to overlook the regulatory requirements in practice. Websites are often dynamic, changing quickly to ride new trends, changing content to appeal to a new or different audience. Sometimes links to Privacy Policies stop working due to changes made elsewhere on the website such as hiding a page or disabling links.
The solution: check your website regularly to make sure that the mandatory content is still easy to access and clear to readers, another aspect of the statutory obligation.
We provide a website checking service for clients to give them peace of mind that their organisation’s public face is compliant. Documented checks also help to build records to establish Accountability under GDPR.
A new twist in website compliance is the introduction of the Age Appropriate Design Code in September 2020. Organisations that provide online services to persons under the age of 18 need to start considering how the Code impacts. Promoting children’s services on a website or using images or features likely to attract children to your website (games, kittens, puppies, sweetshops to name a few obvious ones) will fall under the Code. There is a period of grace until 2 September 2021 before the Code is enforced by the Information Commissioner’s Office but organisations will be expected to show progress towards implementation before that date. No doubt we will be blogging more about this topic as some of the practicalities come to light working with clients.
Mandy Webster, Data Protection Consultant, Data Protection Consulting