top of page

Transparency, choice and control

What we looked at

3.1  How transparent is the platform about where the information goes and what is done with it? Is information put to any secondary purpose, and if so, how clearly is that purpose spelt out? 


3.2  How much choice and control are you given over this?

What good could look like
An approach which...

Provides full transparency, choice and control over who will have access to data and how they will use it. 


Offers the option to provide “layered” information, with specific detail for organisations that have a genuine reason to use it for the person’s benefit, or for use in specific situations such as emergencies – with the confidence that different levels of detail will only be available to the organisations/services that need them.

Good practice
Poor practice

The Experian Support Hub allows you to choose the organisations that will receive your data, and makes it clear that information will only ever be used to give you the help and support you need. 


Life Ledger is equally transparent, and takes the trouble to explain why you need to provide certain information, e.g. proof of ID /authority to act. 


Transparency, choice and control are inherent in the four platforms serving the broad retail, leisure and entertainment sector - JAM card, Sunflower, Nimbus Access Card and Wel-co.me. All four are "Tell once" rather than "Share once" platforms, leaving the person in full control of where and with whom information is shared.

The Vulnerability Services Register sends your information to all subscribing organisations, whether or not they have a business relationship with you (arguably in breach of Article 5 (3) of the GDPR), and offers little clarity or reassurance about how it will be used. There is an equal lack of clarity in at least some receiving organisations’ privacy notices. 


This isn’t only about information potentially being used to someone’s disadvantage; it’s also about information reaching (or not reaching) those who ought to have it in the receiving organisation.

What's happening at the moment?

Average rating

DNS
LL
Pas
Oct
TiM
VRS
3.1
Transparency
About Me

Purpose is transparent, but no privacy notice to confirm this

Accessible Information Standard (AIS)

Purpose is transparent, but no privacy notice to confirm this

Death Notification Service (DNS)

Useful FAQs about the process and how data is used

Experian Support Hub

Sets a high benchmark for other platforms. Particularly good in the way it tells you what a company can/can't do to meet the request for reasonable adjustments.

Hidden Disabilities Sunflower

The purpose of the lanyard is completely transparent

JAM Card

Inherently transparent

Life Ledger

An excellent privacy notice which sets the tone for the transparency of the whole site/service. Considerable thought has obviously been given to the specific information needed by recipients, so certain elements (e.g. the ID check) are clearly explained in terms of purpose.

Nimbus Access Card

Purpose of use is transparent

Notice of Correction

Reasonably transparent about the NOC being seen/taken into account by lenders.

Passenger Assistance

Reasonably transparent website and privacy policy, though the latter is a bit clogged up with definitions (e.g. "Services: the Passenger Assistance services made available to Users by Service Providers, the provision of which is facilitated by the Technology Platforms" and "Service Providers: the persons, firms or companies who license any of the Technology Platforms from Transreport from time to time and who provide of the Services", and don't refer to train operating companies.

Priority Service Register: Octopus Energy

Not entirely transparent about why some information is collected and what you can expect to happen as a result.

This is Me

Purpose is transparent, but no privacy notice to confirm this

Vulnerability Registration Service

Generic statements about which organisations will have access to the data, with very limited/open-ended information about how it will be used. Unlikely to offer any real confidence to someone who may be anxious about sharing their information - more likely to increase their anxiety.

Wel-co.me

Inherently transparent

3.2
Choice and control
About Me

Standard says that consent will be sought, but nothing explicit on how consent is provided/applied and whether there can be exclusions

Accessible Information Standard (AIS)

Standard says that consent will be sought but nothing explicit on how consent is provided/applied and whether there can be exclusions

Death Notification Service (DNS)

Notifier can select the organisations which receive the data

Experian Support Hub

Full choice and control over what data is provided and where it's sent

Hidden Disabilities Sunflower

Full choice and control over when you wear/display the lanyard

JAM Card

Choice and control over when you show the app and to whom.

Life Ledger

Complete choice and control over what information is shared with whom.

Nimbus Access Card

Full choice and control over what data is provided

Notice of Correction

Choice and control over what to say and which credit reference agency to send it to, but not over who might see it or what decisions they might make as a result.

Passenger Assistance

Choice and control over when to use the app and therefore share your disabilities with a train operator

Priority Service Register: Octopus Energy

Choice and control over how much information is shared, but site states "We share your data with the energy & water industry so your priority needs are fully supported" (though this isn't clearly reflected in the privacy statement), and there's no clear statement that it will only go to energy and water firms that have a relationship with you.

This is Me

Choice and control over what you say and who you share it with

Vulnerability Registration Service

One element of choice included: whether future credit applications should be pre-declined. Unclear whether the alternative is for them to be automatically or manually processed – this is much clearer on the Experian Support Hub. No choice or control over who receives the information.

Wel-co.me

Choice and control over when you show the app and to whom.

bottom of page