According to the GDPR the required information must be communicated in a concise, transparent, understandable and easily accessible way, in clear and simple terms.
What does this mean for the data controller?
For the information to be comprehensive, simple vocabulary must be used, with short sentences that are as direct as possible. Legal, technical, abstract or ambiguous terms should be avoided. The information must also be adapted to the target audience, i.e. it would sometimes be appropriate to include videos, animations, cartoons or comics to facilitate understanding of the information.
The information must therefore be comprehensive, but also concise and succinct so as not to lose the user.
The message must therefore be short, readable, and adapted to the situation and the media. Several information modalities can be combined according to the specificities of each treatment. The information must be understandable to the majority of the target audience.
If the data controller is uncertain about the level of comprehensibility and transparency of the information, it can test this through mechanisms such as user panels, readability tests, formal or informal interactions or by dialoguing with business groups, organizations representing consumer interests or regulatory bodies.
Finally, the *accessibility of information** is as important as its form. The individual should not have to search for the information. It must be made available to them, and it is up to the data controller to direct them to the information. This can be done by working on the content and visuals of the site in such a way that the information is clearly distinguished from other clauses or information that do not concern the protection of personal data. The methods of communicating information must therefore be adapted to the context and facilitate interaction with individuals.
Online, the value of providing a privacy statement or privacy provisions is to meet this objective. This way, the user does not have to navigate through a large amount of text to the specific section of the privacy statement that he or she wants to see.
The GDPR advises the use of various technologies to facilitate accessibility, such as QR codes, audio messages, pop-ups…
Obviously, all these methods must be adapted to the environment.
To summarize, in order to comply with this information and transparency obligation and thus be in compliance with the GDPR on this point, the data controller must adapt the information to the situations and the collection media and make sure to make it accessible and understandable.