The Who, What, and Why: Data Transparency Notices in the UK

  • Reuben Binns University of Southampton
  • David Millard University of Southampton
  • Lisa Harris University of Southampton
Keywords: open data, transparency, privacy, semantic web


Data protection laws require organisations to be transparent about how they use personal data. This article explores the potential of machine-readable privacy notices to address this transparency challenge. We analyse a large source of open data comprised of semi-structured privacy notifications from hundreds of thousands of organisations in the UK, to investigate the reasons for data collection, the types of personal data collected and from whom, and the types of recipients who have access to the data. We analyse three specific sectors in detail; health, finance, and data brokerage. Finally, we draw recommendations for possible future applications of open data to privacy policies and transparency notices.

Author Biographies

Reuben Binns, University of Southampton
PhD Researcher
Web Science Institute, Department of Electronics and Computer Science / Faculty of Business and Law.
David Millard, University of Southampton

Senior Lecturer of Computer and Web Science, Department of Electronics and Computer Science

Lisa Harris, University of Southampton
Web Science Institute and Digital Marketing, Faculty of Business and Law, University of Southampton


Beatty, P., Reay, I., Dick, S., & Miller, J. (2007). P3P Adoption on E-Commerce Web sites, (April), 65–71.

Berners-lee, T. (2004). Semantic Web Road map Machine-Understandable information : Semantic, (September 1998), 1–10.

Bonneau, J., & Preibusch, S. (2010). The Privacy Jungle: On the Market for Data Protection in Social Networks. Economics of Information Security and

Privacy, 121–167. doi:10.1007/978-1-4419-6967-5_8

Bradwell, P. (2010). Private Lives: A People’s Enquiry into Personal Information. Retrieved from

Brockdorff, N., & Appleby-arnold, S. (2011). CONSENT: What Consumers think.

Byers, S., Cranor, L. F., Kormann, D., Ave, P., & Park, F. (n.d.). Automated Analysis of P3P-Enabled Web Sites.


Cranor, L. F. (2013). P3P Original Idea behind P3P.

Cranor, L. F., Egelman, S., & Sheng, S. (2008). P3P Deployment on Websites P3P Deployment on Websites.

Cranor, L. F., Idouchi, K., Leon, P. G., Sleeper, M., & Ur, B. (2013). Are They Actually Any Different ? Comparing Thousands of Financial Institutions ’ Privacy Practices. The Twelfth Workshop on the Economics of Information Se- Curity (WEIS 2013) , June 11–12, 2013, Washington, DC.

Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? Journal of Public Policy & Marketing, 19(1), 20–26. doi:10.1509/jppm.

Egelman, S., Tsai, J., Acquisti, A., & Cranor, L. F. (n.d.). Studying the Impact of Privacy Information on Online Purchase Decisions, 1–4.

Federal Trade Commission. (2013). FTC Testifies on Data Brokers Before Senate Committee on Commerce, Science and Transportation. Retrieved from

Gandon, F. L. (2003). Semantic web technologies to reconcile privacy and context awareness.

Gutwirth, S., & DeHert, P. (2006). Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power.

Greenleaf, G. (2012). Global Data Privacy in A Networked World, in Brown, I. (ed) Research Handbook on Governance of the Internet Cheltenham:

Edward Elgar

Kelley, P. G., Cesca, L., Bresee, J., & Cranor, L. F. (2009). Standardizing Privacy Notices : An Online Study of the Nutrition Label Approach

Leon, P. G., Cranor, L. F., Mcdonald, A. M., & Mcguire, R. (2010). Token Attempt : The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens

McDonald, A., & Cranor, L. (2008). Cost of Reading Privacy Policies, The. ISJLP, 0389, 1–22. Retrieved from

Milne, G. R., & Culnan, M. J. (2002). Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2001 U.S. Web Surveys. The Information Society, 18(5), 345–359. doi:10.1080/01972240290108168

Narayanan, A., & Shmatikov, V. (2007). Robust De-anonymization of Large Datasets ( How to Break Anonymity of the Netflix Prize Dataset ).

National Telecommunications and Information Administration (NTIA). (2013). SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY.

OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). Retrieved from,3343,en_2649_34255_1815186_1_1_1_1,00.html

Ohm, P. (2010). Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review.

Schwartz, A. (2009). Looking back at P3P: lessons for the future, (November). Retrieved from

Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2010). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, 22(2), 254–268. doi:10.1287/isre.1090.0260

U.S. White House Office of Management and Budget. (1983). The President’s Annual Report on the Agencies’ Implementation of the Privacy Act of 1974 (p. at 118 (Dec. 4, 1985).).

United States Government Accountability Office. (2013). INFORMATION RESELLERS Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace Consumer Privacy Framework Needs to Reflect, (September).

Vimercati, G., Paraboschi, S., & Pedrini, E. (2009). Primelife policy language. Retrieved from

Wellcome Trust. (2013). Summary Report of Qualitative Research into Public Attitudes to Personal Data and Linking Personal Data. Retrieved from

Free and open access to legal information in the digital age