Information to be Provided When Personal Data Are Collected
Description
Provide data subjects with information about controller identity, purposes, recipients, retention, rights, etc. at the time of collection.
⚠️ Risk Impact
Privacy notice failures are a common entry point for DPA investigations. Notices that are incomplete, overly legalistic, or hidden produce direct enforcement actions.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.
🔧 Remediation
Use a layered privacy notice (short + detailed), written in clear language and translated to all EU languages served. Include the specific information required by Article 13(1)+13(2), and update the notice when processing changes.
💀 Real-World Attack Scenario
Clearview AI faced multiple EU enforcement actions partly due to inadequate privacy notice — most data subjects didn't know their images had been scraped + used for facial recognition. Total fines across EU: €20M+.
💰 Cost of Non-Compliance
Article 13 violations: cited in 47% of EU privacy enforcement actions (DLA Piper 2024).
📋 Audit Questions
- 1. Privacy notice content per Article 13(1)+13(2)?
- 2. Translations?
- 3. Clear language assessment?
- 4. Last notice update?
⚡ Common Pitfalls
- ⛔ Legalistic boilerplate that meets letter but not spirit
- ⛔ Privacy policy buried + not surfaced at collection point
- ⛔ Updates not communicated to users
📈 Business Value
Effective privacy notice is the foundation of transparency.
⏱️ Effort Estimate
Annual review + per-product update
EchelonGraph tracks PII-collection points + flags notice gaps