COOKIE NOTICE: 3C Consultancy uses cookies to store information on your computer, in order to improve your experience when using our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site (using your browser), but parts of the site may not work. To find out more about the cookies we use and how to delete them, Read More.

Call us: 0333 900 3003

Make Your Privacy Notices Transparent

By ignoring the small print, over 500 American college students unwittingly agreed to hand over their future first-born child to a social network service called NameDrop.[1]

They’d read “By clicking ‘Join’ you agree to abide by our terms of service” and then pressed the button to sign-up. Only a quarter bothered to check what the terms of service were.

Fortunately for the students, NameDrop didn’t exist—it was part of an experiment run by two communications professors Jonathan Obar of Toronto’s York University and Anne Oeldorf-Hirsch of the University of Connecticut. But the experiment shows that too few consumers read the small print.

The students aren’t alone. A UK study of online shoppers carried out by the former Office of Fair Trading found that only one in five bothered to read the small print in sales contracts and it cost them billions of pounds each year. One of the reasons they were put off reading the small print was that it was too full of confusing legal or technical jargon.[2]

From May 25th, however, individuals should at least be more informed about how and where their personal data will be used by organisations here in the UK and Europe. That’s when the EU’s General Data Protection Regulation comes into force. It’s designed to provide far greater data protection rights for individuals.

Under the GDPR, organisations will have to be more transparent when it comes to communicating with individuals about the use of their personal data. Any communication must be easy to read and understand so that people are aware of how and where their personal data will be used.

As Colin Sales, 3C Consultants’ Managing Director, explains in this video, one of the most common examples of this will be privacy notices. Every organisation will have a duty to ensure its privacy notice is easy to read and understand.


The Information Commissioner’s Office, which will be responsible for enforcing the GDPR, is explicit when it comes to creating a privacy notice.

It says you should:

  • Use clear, straightforward language;
  • Adopt a simple style that your audience will find easy to understand;
  • Not assume that everybody has the same level of understanding as you;
  • Avoid confusing terminology or legalistic language;
  • Be truthful. Don’t offer people choices that are counter-intuitive or misleading.

In his video, Colin says that now is the time to ensure your privacy notice is compliant with the GDPR, before he reveals what your privacy notice must communicate.

If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.


[1] ‘Click to agree with what? No one reads terms of service, studies confirm’, Berreby, David, The Guardian,, March 3, 2017

[2] ‘No one reads terms of service, studies confirm’, Butterworth, Myra, Silver, Katie, The Telegraph,, February 4, 2011