Results of the 2013 Global Privacy Enforcement Network Internet Privacy Sweep
OTTAWA, August 13, 2013 – The first Global Privacy Enforcement Network (GPEN) Internet Privacy Sweep was an example of privacy enforcement authorities working together to promote privacy protection around the world.
Nineteen privacy enforcement authorities from around the globe participated in the 2013 Sweep, which took place May 6-12, 2013. Over the week, participating authorities searched the Internet in a coordinated effort to assess privacy issues related to a common theme - Privacy Practice Transparency. Preliminary Sweep results are now available.
Major global trends observed
A greater proportion of large organizations typically had privacy policies on their websites, in comparison to small and medium-sized organizations.
- One-third of policies raised concerns with respect to the relevance of the information provided.
In some cases, sites would make brief over-generalized statements about privacy while offering no details on how organizations were collecting and using customer information.
Many policies used boilerplate language which did not take into account the relevant privacy jurisdiction. Too often, there was limited information on how organizations were collecting, using and disclosing personal information as it related to their business model.
- Approximately 33 percent of privacy policies viewed raised concerns with respect to their readability.
Many of these policies quoted directly from applicable legislation. In doing so, these policies provide limited benefit to the average consumer seeking a clear and concise explanation of how their information is being collected and used.
- Mobile app privacy policies lagged those found on traditional websites.
Best practices observed
- Many organizations had privacy policies that were easily accessible, simple to read, and contained privacy-related information that consumers would be interested to know, which demonstrates that it is possible to create transparent privacy policies.
- Many described what information is collected, for what purposes it is used, and with whom it is shared.
- Some of the best examples observed during the sweep were policies that made efforts to present the information in a way that was easily understandable and readable to the average person. This was accomplished through the use of plain language; clear and concise explanations; and the use of headers, short paragraphs, FAQs, and tables, among other methods.
About the GPEN Internet Privacy Sweep
The goals of the Sweep initiative included: increasing public and business awareness of privacy rights and responsibilities; encouraging compliance with privacy legislation; identifying concerns which may be addressed with targeted education and/or enforcement; and enhancing cooperation amongst privacy enforcement authorities.
The purpose of the Sweep was not to conduct an in-depth analysis of the privacy practice transparency of each website, but to replicate the consumer experience by spending a few minutes per site checking for performance against a set of common indicators.
The Sweep was not an investigation, nor was it intended to conclusively identify compliance issues or legislative breaches. Rather, the initiative was meant to help participating authorities identify sites or apps which may warrant further assessment or follow-up after the Sweep and/or identify trends which might guide future education and outreach.
GPEN Privacy Sweep efforts are ongoing. Several enforcement authorities have already taken follow-up action and several more are in the process of following up directly with organizations whose website privacy policies (or lack thereof) were of concern. Follow-up actions could include outreach to organizations and enforcement actions.
|Global (Websites)||Global (Mobile apps)||OPC (Websites)|
|Total number of websites or apps searched*||2,186||90||326|
|Sites/apps for which a concern was identified with respect to find-ability||23% (493)||60% (54)||12% (39)|
|Sites/apps for which a concern was identified with respect to contact-ability||19% (419)||30% (27)||15% (49)|
|Sites/apps for which a concern was identified with respect to readability||31% (688)||58% (52)||21% (67)|
|Sites/apps for which a concern was identified with respect to relevance of information provided||28% (620)||91% (82)||21% (69)|
|Overall percentage of sites/ for which one or more concerns was identified**||50% (1,091)||92% (83)||47% (152)|
*It is possible that some websites were examined by more than one participant. Two participants looked at mobile apps, while the other participants, including the Office of the Privacy Commissioner of Canada (OPC), looked at websites.
** The percentage of websites/apps for which concerns were found varied significantly among participants. For websites, the range was between 25 percent and 90 percent. It is important to note that participants used different criteria in assessing websites.
OPC Survey of Canadians and Privacy (January 2013) See pages 23-26
- Date modified: