It should come as no surprise that the AVG has been in effect for several years now. Nevertheless, full compliance with it can still sometimes remain challenging. This was underlined again recently by reports that the Dutch regulator, the Dutch Data Protection Authority (AP), is facing hefty backlogs due to the number of notifications. But this also means that the AP is actively investigating potential violations, which again highlights the need for AVG compliance. In this blog, we'd like to highlight a less technical aspect of AVG compliance, which can still have far-reaching implications for your company's compliance status.
In fact, if the signer of a privacy policy does not understand what it says, it is officially invalid. Fortunately, you can easily have your privacy or cookie policy translated by us. Request a non-binding quote now.
It is easy to underestimate the effects of language in this context. A transparently formulated AVG statement is obviously important for business activities within the home market, but this importance is at least as great when expanding abroad. When formulating this statement, article 7.2 of the AVG plays a central role:
If the person involved gives consent as part of a written statement that also covers other matters, the request for consent shall be presented in an understandable and easily accessible form and in clear and simple language in such a way that it can be clearly distinguished from the other matters.
In this article, we read that texts regarding AVG implementation should be both accessible and understandable, and in a language that the target audience can be expected to understand. It is relatively easy to meet these criteria in your home market, but for a foreign audience this can quickly lead to challenges. It is also important to note that this article does not only cover consent requests, but also processing statements and arbitration proceedings.
For a website with an international audience, this may mean that you will need to provide a translated version of your existing AVG texts. Sometimes a single English-language version will suffice for the entire EU market, although we always recommend having this reviewed by the relevant national regulators. If there is a chance that the target audience does not have sufficient command of the English language to make an informed decision about consent, it is always safer to use translated texts.
Such a translation must, of course, meet the same requirements for comprehensible language and thus be tailored to the target audience. A complicated, formal translation for a website aimed at a broad audience could clash with the requirements of transparent, understandable language. Therefore, it is a good idea to choose a translation agency that specializes in website translation and has experience in this combination of ICT and legal texts. We also recommend staying involved in the translation process and sharing as much relevant information as possible about your target audience and any style guides for external communication.
It may seem excessive to call this a compliance risk. However, for this kind of situation, you have to look at the letter as well as the spirit of the AVG law. Article 7, as cited above, means in practice that if the conditions for transparent, understandable language are not met, consent based on this statement can be declared invalid, because there is a chance that the reader did not understand what he or she was agreeing to. And in this context, that means that data processed on the basis of this consent is actually being processed without consent. Therefore, the language here is perhaps just as important as the technical side of your AVG implementation.
