Nineteen privacy enforcement authorities from around the globe are participating in the first International Internet Privacy Sweep, an initiative of the Global Privacy Enforcement Network. This will involve the OAIC searching 50 websites to assess the accessibility, readability and content of privacy policies.
‘The sweep theme is “Privacy Practice Transparency”. Transparency is a fundamental privacy principle common to privacy laws around the world,’ said Australian Privacy Commissioner, Timothy Pilgrim.
Research conducted by the Asia Pacific Privacy Authorities showed that nearly 62% of people said that they didn’t read the privacy policies or terms and conditions of the websites they used, often because they were too long or were incomprehensible.
‘Privacy policies are frequently very difficult to understand and can be complex and confusing,’ said Mr Pilgrim. ‘We will be looking to see how the privacy policies of the websites most visited by Australians measure up. Are they simple, clear and easy to understand?’
The website privacy policies will also be considered to see how the 50 visited sites would rate against new transparency requirements due to commence in March 2014, in particular Australian Privacy Principle (APP) 1 — Open and transparent management of personal information.
‘With new privacy laws coming into place next year, a specific new requirement is for organisations to manage personal information in a more open and transparent way,’ said Mr Pilgrim.
‘We will use the results of this sweep to develop guidance on the new requirements in the lead up to March 2014 and to educate organisations about privacy policies.’
‘The changes include a requirement for privacy policies to include more information about how personal information is handled. In order to be compliant with the new laws, every organisation is going to have to review their privacy policies.’
The results of the Australian sweep will be released later this year. Information about how organisations can start to prepare for the new laws, including a Compliance checklist, is available on the OAIC website: www.oaic.gov.au.
For interview requests: Ms Leila Daniels 0407 663 968 firstname.lastname@example.org
Notes for editors
More information about the Global Privacy Enforcement Network (GPEN) is available at: https://www.privacyenforcement.net
The sweep will examine:
- Find-ability — how difficult is it to find information about the site’s privacy practices?
- Contact-ability — is contact information for addressing privacy questions and concerns readily available?
- Readability — how readable is the information about privacy practices?
- Relevance (each website will be assessed on the specific requirements in APP 1 (not due to become law until March 2014))
- Is it clear what kind of personal information is being collected?
- Is it clear how the organisation collects, holds, uses and discloses personal information about users?
- Is it clear why the organisation is collecting personal information?
- Is it clear how users can request access to their personal information?
- Is it clear how users can request corrections to their personal information?
- Is it clear how users can find out if the organisation is likely to disclose personal information to overseas recipients?
- Is it clear how users can find out what countries those recipients may be in?
Which websites will be examined?
The OAIC has selected a group of websites that are most visited by Australians based on web traffic. The list also includes those government agencies and private sector organisations most complained about to the OAIC. The list will be published with aggregated results. Individual score sheets will not be published but where there are areas identified that require focus before March 2014, the OAIC may contact the organisation directly.
When will results be made available?
The OAIC will analyse the results and release aggregate findings in July 2013. The formal results of the global sweep will be released at the 35th International Conference of Data Protection and Privacy Commissioners in Warsaw in September 2013.
|Australia||Office of the Australian Information Commissioner|
|Canada||Office of the Privacy Commissioner of Canada
Information and Privacy Commissioner of British Columbia
Information and Privacy Commissioner of Alberta
|Estonia||Estonian Data Protection Inspectorate|
|Finland||Office of the Data Protection Ombudsman|
|France||Commission Nationale de L’Informatique et des Libertes|
|Germany||Federal Data Protection Commission
Data Protection Commissioner of Berlin
Data Protection Commissioner of Rhineland-Palatinate (Rheinland-Pfalz)
Data Protection Supervisory Authority of Bavaria
Data Protection Commissioner of Hesse
|Hong Kong||Office of the Privacy Commissioner for Personal Data|
|Ireland||Office of the Data Protection Commissioner|
|Macao||Office for Personal Data Protection, Government of Macao|
|Macedonia||Directorate for Personal Data Protection|
|New Zealand||Office of the Privacy Commissioner|
|Norway||Data Protection Authority|
|United Kingdom||Information Commissioner’s Office|
|United States||Federal Trade Commission|
 2011 Asia Pacific Privacy Authorities Privacy Awareness Week online privacy survey http://www.privacyawarenessweek.org/2011/survey_media_release.html