News

Global Privacy Enforcement Network Internet Privacy Sweep
Questions and Answers

May 6, 2013


What will happen during the Internet Privacy Sweep? What is the goal?

Privacy enforcement authorities participating in the Sweep will designate individuals within their organizations to search the Internet in a coordinated effort to assess privacy practices related to a predetermined theme – this year the theme is Privacy Practice Transparency. 

The Sweep will provide flexibility for privacy enforcement authorities to tailor their search within this common theme to focus on issues that are relevant in the context of domestic legislation, market factors and strategic priorities.

The purpose of the Sweep is not to conduct an in-depth analysis of the privacy practice transparency of each website, but to replicate the consumer experience by spending a few minutes per site checking for performance against set common indicators. 

The Sweep is not an investigation, nor is it intended to conclusively identify compliance issues or legislative breaches.  Rather, the initiative will help participating authorities to identify sites or apps which may warrant further assessment or follow-up after the Sweep day is over and/or to identify trends which might guide future education and outreach. 

When does the Internet Privacy Sweep take place?

Participating privacy enforcement authorities will designate individuals within their organizations to search the Internet, for a single day within a prescribed week, May 6-12, 2013.

The Office of the Privacy Commissioner of Canada will be conducting its Sweep activities on May 6th.

What is the Global Privacy Enforcement Network (GPEN)?

Global Privacy Enforcement Network, which connects privacy enforcement authorities to promote and support cooperation in cross-border enforcement of laws protecting privacy. For more information, please see their website

Why is international cooperation on privacy issues important?

Modern commerce and consumer activity increasingly relies on the seamless flow of personal information across borders. These global data flows occur across jurisdictions having a wide diversity of privacy laws and enforcement arrangements.

Privacy has become an international issue in the Internet era and requires an international response.  The issues are global and, therefore, the solutions need to be global as well.

Which privacy enforcement authorities are taking part? 

Australia
Office of the Australian Information Commissioner

Canada
Office of the Privacy Commissioner of Canada
Information and Privacy Commissioner of British Columbia

Estonia
Estonian Data Protection Inspectorate

Finland
Office of the Data Protection Ombudsman

France
Commission Nationale de l'Informatique et des Libertés

Germany
Federal Data Protection Commission
Data Protection Commissioner of Berlin
Data Protection Commissioner of Rhineland-Palatinate
(Rheinland-Pfalz)
Data Protection Supervisory Authority of Bavaria
Data Protection Commissioner of Hesse
Data Protection Commissioner of Brandenburg

Hong Kong
Office of the Privacy Commissioner for Personal Data

Ireland
Office of the Data Protection Commissioner

Macao
Office for Personal Data Protection, Government of Macao

New Zealand
Office of the Privacy Commissioner

Norway
Data Protection Authority

United Kingdom
Information Commissioner's Office

United States
Federal Trade Commission

How did the Privacy Sweep come about?

Under the umbrella of the Global Privacy Enforcement Network, our Office raise this idea as a potentially collaborative initiative to promote privacy protection worldwide and also agreed to coordinate the Sweep in its inaugural year.

Why was Privacy Practice Transparency selected as the theme? Are all participating privacy enforcement authorities looking at the same issues?

Transparency is a key element for organizations in respecting the privacy of individuals online.  To be transparent about their privacy practices, on their websites or apps, organizations must make information available, accessible and understandable with respect to how they handle individuals' personal information.

Transparency is a fundamental privacy principle common to privacy laws around the world.  That said, specific expectations with respect to privacy practice transparency will vary across jurisdictions and depend on other contextual factors such as the sensitivity of personal information at issue. 

The theme of Privacy Practice Transparency is intended to be broad enough to allow each participating authority tailor its Sweep in accordance with its own legislation or strategic priorities (e.g. website vs. app platform or sector-specific focus).

Around the theme of privacy practice transparency, five indicators have been identified to more clearly define the theme and focus Sweep activities.  Participating privacy enforcement authorities have been encouraged to address each of these indicators in their Sweep.  The indicators are:

  • Availability: Is there a Privacy Policy (or equivalent information about privacy practices) on the site/app?
  • Find-ability: How difficult is it to find the information about privacy practices?
  • Contact-ability: Is contact information for the purposes of asking a privacy question or making a privacy complaint or access request readily available?
  • Readability: How comprehensible is the information about privacy practices (i.e. understandable to the target audience)?
  • Relevance: How well does the information provided about privacy practices address common privacy questions?

How are the sites being examined selected?

It is up to each participating privacy enforcement authority to determine which private sector sites are to be evaluated.

The Office of the Privacy Commissioner of Canada will focus on websites most often visited by Canadians.  Our list of sites to check will include the top ranked commercial sites most visited by Canadians and the websites of large Canadian businesses in customer-oriented sectors.  We expect to look at a few hundred sites during the Sweep day.