GPEN Concludes Its First Internet Privacy Sweep
By Jennifer L. Saunders, CIPP/US
“Privacy issues have become global and they require a global response. It is critical that privacy enforcement authorities work together to help protect the privacy rights of people around the world.”
Those were the words used by Canadian Privacy Commissioner Jennifer Stoddart in announcing the Global Privacy Enforcement Network (GPEN)’s first Internet Privacy Sweep, which ran from May 6 through 12. A total of 19 privacy enforcement authorities—including Australia, Canada, Estonia, Finland, France, Germany, Hong Kong, Ireland, Macao, Macedonia, New Zealand, Norway, the UK, U.S. and the province of British Columbia—participated in the weeklong initiative. The authorities dedicated individuals within each department to search the Internet in a coordinated effort to assess privacy issues related to the theme, “Privacy Practice Transparency.”
“Transparency is one of the privacy basics; organizations need to be open and clear with people about how they collect, use and disclose personal information,” Stoddart said in the OPC’s announcement of the event. “Improving transparency is especially important in the online world, where researchers have estimated it can take people up to 250 hours to read all of the privacy policies they encounter in a year. Long, legalistic privacy policies can be almost impossible to understand and navigate, therefore making it extremely difficult for individuals to make meaningful and informed decisions about protecting their privacy.”
The Office of the Privacy Commissioner of Canada (OPC), the coordinator for this first international sweep, has cited the initiative’s goals as including increased awareness of privacy rights and responsibilities; compliance with privacy legislation; identifying and requiring such follow-up actions “as targeted education and/or enforcement,” and enhanced cooperation among the authorities.
OPC Senior Communications Advisor Valerie Lawton told The Privacy Advisor, “One of the key concerns they identified was the readability of privacy policies. Many we looked at were long, complex and legalistic. Some organizations used vague wording to describe their privacy and personal information handling practices.”
However, she noted, “On the more positive side, we were pleased to see that some privacy policies were well-organized, with easy-to-scan headings.”
Lawton said the results of the sweep will be combined in the weeks ahead with more details forthcoming.
Some of the sweep’s areas of focus include whether sties have privacy policies, how difficult it is to find information on their privacy practices, availability of contact information for privacy questions and readability of privacy information.
For more information, the OPC has compiled a Q&A on the Internet Privacy Sweep, available through the office’s website.
Editor’s Note: Look for a follow-up article once the results of the first Internet Privacy Sweep are in hand.