Elaboration and Developing Privacy Policy Guideline — Tenth: Availing and Providing Access to Privacy Policy says that controllers must make their Privacy Policy easy to find, easy to understand, and regularly updated. It should use simple, inclusive language, and may include icons, visuals, and structured layout to ensure clarity. Controllers must also notify users of updates and tailor the format for special groups like children or people with disabilities.
Tenth: Availing and Providing Access to Privacy Policy
The Controller shall provide access to the Privacy Policy and ensure that its content is written in clear, non-misleading, easy-to-read, and understandable language suitable for the comprehension level of all categories of Data Subjects. In addition, the necessary measures shall be taken to notify individuals of the Privacy Policy, as privacy notification is one of the primary ways to inform individuals about the collection of their data. This can be done through app notifications, SMS, e-mails, or a standalone form provided to Data Subjects before or during the collection and processing of their Personal Data. The Controller shall periodically review the Privacy Policy and record any amendment or update introduced thereto in the update record stated in the Clause (Second) hereinabove. In addition, any of the following methods can be followed:
- Adding pictures and icons that express the content of clauses and paragraphs in a manner that facilitates the reader’s quick understanding of the content.
- Reordering and titling clauses and paragraphs in a logical manner that stimulates rapid reading and comprehensing.
- The Privacy Policy shall be designed in a clear and understandable manner for specific groups if the entity aims, in full or in part, to process data of such special segments (children, elderly, persons with disabilities).
- The Privacy Policy shall be designed in a language suitable for the target audience.
- Adding other related links to the Privacy Policy, such as Terms & Conditions, Cookie Policy, and Personal Data Protection Law.
Explanation of Tenth: Availing and Providing Access to Privacy Policy
Easy to read:
Elaboration and Developing Privacy Policy Guideline — Tenth: Availing and Providing Access to Privacy Policy requires Controllers to write their policy in clear, non-deceptive, and understandable language tailored to their audience.
Communicate updates:
Elaboration and Developing Privacy Policy Guideline — Tenth: Availing and Providing Access to Privacy Policy emphasizes notifying Data Subjects via email, SMS, app pop-ups, or forms when their data is collected or if the policy changes.
Track updates:
Elaboration and Developing Privacy Policy Guideline — Ninth: Complaint and Objection Filing Mechanism mandates that privacy policies must inform Data Subjects about their right to escalate unresolved complaints to the Competent Authority (SDAIA).
Special groups:
Elaboration and Developing Privacy Policy Guideline — Tenth: Availing and Providing Access to Privacy Policy encourages using tailored formatting, visuals, and logical structure to enhance comprehension, especially for vulnerable groups like children or individuals with disabilities.
Supportive context:
Elaboration and Developing Privacy Policy Guideline — Tenth: Availing and Providing Access to Privacy Policy advises linking related documents like Terms & Conditions, Cookie Policy, or PDPL itself to support transparency and user awareness.
