Just to pick your brains and get feedback. The scenario: A company offers a franchise, and offers an area on their website that was a service to the franchisee who paid for the service to get and use information that helped their business. The website owner tracks who logs on and how often/when etc through a secure login, does this require a privacy policy/description as such? (UK) Opinions are welcome but I would appreciate any hard facts on this subject. Edit: Just to clarify the self-employed people get a unique login which this company wants tracked so they know who logs in and when. Its already happening on one of their other sites with no disclaimers/privacy policy etc
The moment you store personal data, you need to be registered for Data Protection if I remember correctly. That's also the moment I think (opinion) you should tell the visitors what's going on behind the scenes. But I believe besides Data Protection registration, telling the punter is only 'best practise' and not obliged (all the 'safe trading' labels require it for instance) by law. But I could be miles off to be honest, never studied it in depth since I was never in charge of dealing with it. So... A for what it's worth piece of opinion...
Its not an ecommerce business and this company could not care less about best practice, they want to know facts about who uses it and who doesn't and generally abuse the self-employed status as it is and this extension of monitoring I think should be against the law, they want me to run a subsidiary site for them and "also" track self-employed users and I dont feel comfortable with it, however I would prefer to tell them that it was illegal rather than that I felt it was wrong.