Global Privacy Enforcement Network targets apps in second online Sweep
OTTAWA, May 6, 2014 — The exploding popularity of mobile applications is raising a number of privacy concerns, prompting the Global Privacy Enforcement Network (GPEN) to focus its 2014 international Privacy Sweep on mobile apps.
The Sweep from May 12 to 18, 2014, involving 27 privacy enforcement authorities from around the world, is aimed at shedding light on the collection and use of personal information on mobile apps.
“The number of mobile applications offered to consumers is growing at an astonishing rate and many of them collect a great deal of personal information,” says Chantal Bernier, Interim Privacy Commissioner of Canada.
“It is important that consumers have the information necessary to really understand what they are agreeing to when they install an app on their mobile device. App developers need to be transparent and offer clear, easy-to-understand privacy information.”
Sweep participants will be looking at the types of permissions an app is seeking, whether those permissions exceed what would be expected based on the app’s functionality, and most importantly from a transparency perspective, how the app explains to consumers why it wants the personal information and what it will do with it.
Participating authorities will look at some of the most popular apps or apps that are of particular interest in their country or region. For example, some authorities plan to focus on health-related apps or apps developed by public sector organizations.
This year, 27 authorities will participate in the sweep, compared to 19 in 2013. The GPEN initiative is aimed at encouraging organizations to comply with privacy legislation and to enhance co-operation between privacy enforcement authorities. Concerns identified during the Sweep will result in follow-up work such as outreach to organizations and/or enforcement actions.
Participants of the first GPEN Privacy Sweep in 2013 assessed the online transparency of organizations in informing consumers about their privacy practices. As part of that initiative, the Office of the Privacy Commissioner of Canada followed up with a number of organizations, including insurance companies, financial institutions and media companies, regarding their privacy policies. Many of them agreed to make significant changes to their privacy policies in order to incorporate PIPEDA requirements and suggested best practices.
The Global Privacy Enforcement Network connects privacy enforcement authorities to promote and support co-operation in cross-border enforcement of laws protecting privacy.
The results of the 2014 sweep will be compiled and we expect they will be made public by the fall of 2014.
About the Office of the Privacy Commissioner of Canada
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to commercial activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec, Alberta and British Columbia each has its own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in interprovincial and international transactions.
Infographic: Privacy and Mobile Apps
- 30 -
For more information, please contact:
Valerie Lawton, Office of the Privacy Commissioner of Canada
NOTE: To help us to respond more quickly, journalists are asked to please send requests for interviews or further information via e-mail.