Transparency, privacy policies and notices

The United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) provides various requirements concerning data transparency.

The terms ‘privacy policy’, ‘data protection policy’, ‘privacy notice’, ‘privacy statements’, ‘fair processing notices’ and ‘data protection notice’ are interchangeable.

For an introduction to the UK GDPR, see Practice Notes: Introduction to the EU GDPR and UK GDPR and The UK General Data Protection Regulation (UK GDPR).

This subtopic contains guidance:

•
relating to privacy policies generally
•
on the related topic of cookie policies
•
relating to employment specific policies

Transparency and the role of privacy policies

Transparency is an overarching obligation under the UK GDPR

The concept is embodied in the lawfulness, fairness and transparency principle under Article 5(1)(a) of the UK GDPR, which requires personal data to be ‘processed lawfully, fairly and in a transparent manner in relation to the data subject’.

However,

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

ICO issues enforcement notice to Bristol City Council over failures to respond to data requests

The Information Commissioner's Office (ICO) has issued an enforcement notice to Bristol City Council (BCC) for failing to respond to subject access requests (SARs). The notice requires BCC to: (1) notify individuals with overdue SARs about the delays; (2) provide outstanding SAR responses by specified deadlines, prioritising the oldest cases from 2022 to be resolved within 30 days; (3) submit weekly progress updates to the ICO until all overdue SARs are resolved; (4) develop an action plan within 90 days to address the SAR backlog, including defined responsibilities, prioritisation and timelines; and (5) implement system and process improvements within 12 months, including adequate staffing, resources and staff training to ensure compliance with the UK General Data Protection Regulation requirements.

Information Law weekly highlights—25 September 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

The construction of jurisdiction clauses in the context of the Contracts (Rights of Third Parties) Act 1999 and the mechanisms of service(Campeau v Gottex Real Asset Fund 1 (OE) Waste S.À.R.L)

Dispute Resolution analysis: This case considers a jurisdictional clause in the context of service under CPR 6.33(2B)(b), which allows service out of the jurisdiction where the defendant is party to a jurisdiction clause. There is no corresponding requirement for the claimant to be a party to that jurisdiction clause. The starting point is that jurisdiction clauses are not generally intended to concern disputes with third parties. However, that is no more than a starting point and one which can be departed from in appropriate cases. This was one such appropriate case whereby the circumstances and construction of the clause led to the finding that it did include the third party claimant’s (Mr Campeau) claim. While not strictly necessary given the judge’s findings in relation to the construction of the clause, Mr Justice Butcher considered that, where a jurisdictional clause was wide enough to encompass disputes from third parties, then it will likely also amount to a ‘relevant term’ for the purposes of section 1(4) of the Contracts (Rights of Third Parties) Act 1999 (C(RTP)A 1999). That meant that the third party, in seeking to enforce their rights under the SPA, was statutorily obliged to do so in England and so could rely upon CPR 6.33 (2B) (b) in that respect also. Written by Georgia Whiting, legal counsel (contentious construction) at Capita.

Libel, truth and public interest (Clarke v Guardian)

TMT analysis: The court dismissed the actor and director Noel Clarke’s claim in libel against the publisher of the Guardian newspaper. The case concerned eight articles published by the Guardian. The first article was titled ‘“Sexual predator”: actor Noel Clarke accused of groping, harassment and bullying by 20 women’, which the Guardian admitted had caused or was likely to cause serious harm to Mr Clarke’s reputation under section 1 of the Defamation Act 2013 (DA 2013). The Guardian denied that serious harm was caused by the remaining seven articles. The court determined the issue of serious harm in respect of the other seven articles, and the Guardian’s defences of i) truth under DA 2013, s 2, and ii) publication on matter of public interest under DA 2013, s 4. The Guardian succeeded on all the disputed issues: the remaining articles did not cause Mr Clarke serious reputational harm, and the articles were substantially true and published on a matter of public interest. Written by Hector Penny, barrister at 5RB.

View Information Law by content type :

News