Global Privacy Enforcement Network Internet Privacy Sweep
Questions and Answers
May 6, 2013
What will happen during the Internet Privacy Sweep? What is the goal?
Privacy enforcement authorities participating in the Sweep will designate individuals within their organizations to search the Internet in a coordinated effort to assess privacy practices related to a predetermined theme – this year the theme is Privacy Practice Transparency.
The Sweep will provide flexibility for privacy enforcement authorities to tailor their search within this common theme to focus on issues that are relevant in the context of domestic legislation, market factors and strategic priorities.
The purpose of the Sweep is not to conduct an in-depth analysis of the privacy practice transparency of each website, but to replicate the consumer experience by spending a few minutes per site checking for performance against set common indicators.
The Sweep is not an investigation, nor is it intended to conclusively identify compliance issues or legislative breaches. Rather, the initiative will help participating authorities to identify sites or apps which may warrant further assessment or follow-up after the Sweep day is over and/or to identify trends which might guide future education and outreach.
When does the Internet Privacy Sweep take place?
Participating privacy enforcement authorities will designate individuals within their organizations to search the Internet, for a single day within a prescribed week, May 6-12, 2013.
The Office of the Privacy Commissioner of Canada will be conducting its Sweep activities on May 6th.
What is the Global Privacy Enforcement Network (GPEN)?
Global Privacy Enforcement Network, which connects privacy enforcement authorities to promote and support cooperation in cross-border enforcement of laws protecting privacy. For more information, please see their website.
Why is international cooperation on privacy issues important?
Modern commerce and consumer activity increasingly relies on the seamless flow of personal information across borders. These global data flows occur across jurisdictions having a wide diversity of privacy laws and enforcement arrangements.
Privacy has become an international issue in the Internet era and requires an international response. The issues are global and, therefore, the solutions need to be global as well.
Which privacy enforcement authorities are taking part?
Office of the Australian Information Commissioner
Office of the Privacy Commissioner of Canada
Information and Privacy Commissioner of British Columbia
Estonian Data Protection Inspectorate
Office of the Data Protection Ombudsman
Commission Nationale de l'Informatique et des Libertés
Federal Data Protection Commission
Data Protection Commissioner of Berlin
Data Protection Commissioner of Rhineland-Palatinate
Data Protection Supervisory Authority of Bavaria
Data Protection Commissioner of Hesse
Office of the Privacy Commissioner for Personal Data
Office of the Data Protection Commissioner
Office for Personal Data Protection, Government of Macao
Directorate for Personal Data Protection
Office of the Privacy Commissioner
Data Protection Authority
Information Commissioner's Office
Federal Trade Commission
How did the Privacy Sweep come about?
Under the umbrella of the Global Privacy Enforcement Network, our Office raise this idea as a potentially collaborative initiative to promote privacy protection worldwide and also agreed to coordinate the Sweep in its inaugural year.
Why was Privacy Practice Transparency selected as the theme? Are all participating privacy enforcement authorities looking at the same issues?
Transparency is a key element for organizations in respecting the privacy of individuals online. To be transparent about their privacy practices, on their websites or apps, organizations must make information available, accessible and understandable with respect to how they handle individuals' personal information.
Transparency is a fundamental privacy principle common to privacy laws around the world. That said, specific expectations with respect to privacy practice transparency will vary across jurisdictions and depend on other contextual factors such as the sensitivity of personal information at issue.
The theme of Privacy Practice Transparency is intended to be broad enough to allow each participating authority tailor its Sweep in accordance with its own legislation or strategic priorities (e.g. website vs. app platform or sector-specific focus).
Around the theme of privacy practice transparency, five indicators have been identified to more clearly define the theme and focus Sweep activities. Participating privacy enforcement authorities have been encouraged to address each of these indicators in their Sweep. The indicators are:
- Find-ability: How difficult is it to find the information about privacy practices?
- Contact-ability: Is contact information for the purposes of asking a privacy question or making a privacy complaint or access request readily available?
- Readability: How comprehensible is the information about privacy practices (i.e. understandable to the target audience)?
- Relevance: How well does the information provided about privacy practices address common privacy questions?
How are the sites being examined selected?
It is up to each participating privacy enforcement authority to determine which private sector sites are to be evaluated.
The Office of the Privacy Commissioner of Canada will focus on websites most often visited by Canadians. Our list of sites to check will include the top ranked commercial sites most visited by Canadians and the websites of large Canadian businesses in customer-oriented sectors. We expect to look at a few hundred sites during the Sweep day.