alphagov / verify-local-patterns

Project board - https://github.com/alphagov/verify-local-patterns/projects/1 ||||| This is a prototype of some content that will be included in the GOV.UK Service Toolkit about the best practice for councils to deliver two services - parking permits and concessionary travel. The repo also includes a working prototype of both services which follows the guidance, as delivered by the fictional council of Argleton.
https://github.com/alphagov/verify-local-patterns/projects/1
MIT License
11 stars 23 forks source link

Users need to know how their data will be used #41

Open sanjaypoyzer opened 7 years ago

sanjaypoyzer commented 7 years ago

Services have a legal obligation to inform users how their data is going to be used.

The patterns need to follow our privacy principles. If they councils differ from the pattern in any way, they still must follow those principles. (There's a more public version of this list here).

Also worth looking at the GOV.UK Verify Privacy notice, but I'm really keen that we don't just obscure how we're using user's data in a notice that nobody will read.

sanjaypoyzer commented 7 years ago

Oh, also forgot to mention - There is already a link to a non-existent 'privacy policy' on the photo upload page (/service-patterns/concessionary-travel/example-service/photo/upload). Worth thinking about whether or not this should link to a general council privacy statement, or a photo specific one. This will differ based on what the councils will do with the data, but we should work out a recommendation of how to communicate this based on different cases.

Related to that is working out whether or not we think councils should store the photos to make renewals easier. Possibly that should be a separate Issue and discussion though.

sanjaypoyzer commented 7 years ago

@kaydale Did any work happen on this while I was away?

EUzkuraityte commented 7 years ago

Further advice from Lizzie: Orvokki Lohikoski advised @sanjaypoyzer and @lizziebruce on 24/04 that there's a need to flag how personal data is stored. Key information that the user may be concerned about should be contextualised in the on-page copy. Full details of all data storage should be accessible throughout the user journey, but it is ok to do this in a tradional way for example a footer link.

lizziebruce commented 7 years ago

@EUzkuraityte @sanjaypoyzer

2 things I can see here:

  1. councils need to have a privacy policy to link to (council's own, following Verify principles, possibly extra content around photo uploading/any retention for renewals if agreed on)
  2. data use to be flagged contextually through journey

1 > council team will update their privacy policy to incorporate Verify principles, link to their amended policy will be in footer content 2 > will be done contextually

So can I take the label 'content fix' off this?

EUzkuraityte commented 7 years ago

@lizziebruce @sanjaypoyzer yup, I think there isn't any content here that needs fixing, however, as Lizzie mentioned we need to add in those links throughout the journey as required

lizziebruce commented 7 years ago

@EUzkuraityte @sanjaypoyzer this would be in the council website footer which would automatically show at bottom of all their website pages. Councils should already have this in place. I think it's a legal requirement. So it's more an education piece to ensure council's existing privacy policy follows Verify principles. Perhaps we could add privacy policy as a link in the footer of the prototype to reinforce this, linking to the Verify principles.

EUzkuraityte commented 7 years ago

@sanjaypoyzer can you add (as per Lizzie's suggestion we have privacy policy as a link in the footer of the prototypes).

lizziebruce commented 7 years ago

This is fixed for Argleton and other councils that didn't have privacy link in footer yet i.e. Sunderland, Oxfordshire & Northumberland. Also added examples of other links they might want to include in footer based on quick look at what Bucks, Oxford and Sunderland had.

screen shot 2017-06-21 at 17 06 31