The Hungarian Data Protection Authority (NAIH) issued a recommendation for website owners on requirements as to the level of security and privacy policies disclosed pertaining to the processing of personal data.
Most of the websites – directly or indirectly – collect personal data on their visitors. Typical examples of such data processing are contact forms or newsletter subscriptions but many websites collect personal data indirectly by using different built-in modules such as Google Analytics or Adwords. The recommendation of NAIH emphasizes that in the course of data processing on websites, the most up-to-date technical solutions shall be applied that guarantee a higher level of data security, for instance the use of SSL and TLS technology and certificates that encrypt the communication between the user’s device and the server of the website.
The recommendation suggests that already the contract concluded with the developer of the website shall specify what kind of data processing tools and solutions will be applied and whether analytical tools will be used on the website or not.
NAIH describes several requirements concerning the privacy policy to be disclosed on the website, in particular on the rights of the concerned persons and the information on the processed data. It particularly emphasizes the importance of information on the use of cookies and suggests that the privacy policy should include links to pages on how to manage and turn off cookies on the most commonly used browsers (e.g. Chrome, Mozilla).