Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Do your favourite websites pass the privacy test?

The Office of the Australian Information Commissioner (OAIC) will this week conduct an ‘internet sweep’ of the websites most used by Australians.

Nineteen privacy enforcement authorities from around the globe are participating in the first International Internet Privacy Sweep, an initiative of the Global Privacy Enforcement Network. This will involve the OAIC searching 50 websites to assess the accessibility, readability and content of privacy policies.

‘The sweep theme is “Privacy Practice Transparency”. Transparency is a fundamental privacy principle common to privacy laws around the world,’ said Australian Privacy Commissioner, Timothy Pilgrim.

‘Organisations need to be open and transparent about how they collect, use and disclose personal information. A clear and easy to understand privacy policy is one way that organisations can assist people to exercise control over their own information. This is even more important in an online environment where personal information is sometimes used in ways that individuals may not expect.’

Research conducted by the Asia Pacific Privacy Authorities showed that nearly 62% of people said that they didn’t read the privacy policies or terms and conditions of the websites they used, often because they were too long or were incomprehensible.[1]

‘Privacy policies are frequently very difficult to understand and can be complex and confusing,’ said Mr Pilgrim. ‘We will be looking to see how the privacy policies of the websites most visited by Australians measure up. Are they simple, clear and easy to understand?’

The website privacy policies will also be considered to see how the 50 visited sites would rate against new transparency requirements due to commence in March 2014, in particular Australian Privacy Principle (APP) 1 — Open and transparent management of personal information.

‘With new privacy laws coming into place next year, a specific new requirement is for organisations to manage personal information in a more open and transparent way,’ said Mr Pilgrim.

‘We will use the results of this sweep to develop guidance on the new requirements in the lead up to March 2014 and to educate organisations about privacy policies.’

‘The changes include a requirement for privacy policies to include more information about how personal information is handled. In order to be compliant with the new laws, every organisation is going to have to review their privacy policies.’

The results of the Australian sweep will be released later this year. Information about how organisations can start to prepare for the new laws, including a Compliance checklist, is available on the OAIC website:

For interview requests: Ms Leila Daniels     0407 663 968

Notes for editors

More information about the Global Privacy Enforcement Network (GPEN) is available at:

The sweep will examine:

  • Availability ­— does the website have a privacy policy?
  • Find-ability how difficult is it to find information about the site’s privacy practices?
  • Contact-ability — is contact information for addressing privacy questions and concerns readily available?
  • Readability — how readable is the information about privacy practices?
  • Relevance (each website will be assessed on the specific requirements in APP 1 (not due to become law until March 2014))
    • Is it clear what kind of personal information is being collected?
    • Is it clear how the organisation collects, holds, uses and discloses personal information about users?
    • Is it clear why the organisation is collecting personal information?
    • Is it clear how users can request access to their personal information?
    • Is it clear how users can request corrections to their personal information?
    • Is it clear how users can find out if the organisation is likely to disclose personal information to overseas recipients?
    • Is it clear how users can find out what countries those recipients may be in?

Which websites will be examined?

The OAIC has selected a group of websites that are most visited by Australians based on web traffic. The list also includes those government agencies and private sector organisations most complained about to the OAIC. The list will be published with aggregated results. Individual score sheets will not be published but where there are areas identified that require focus before March 2014, the OAIC may contact the organisation directly.

When will results be made available?

The OAIC will analyse the results and release aggregate findings in July 2013. The formal results of the global sweep will be released at the 35th International Conference of Data Protection and Privacy Commissioners in Warsaw in September 2013.

Participating Privacy Enforcement Authorities
CountryPrivacy Enforcement Authority
Australia Office of the Australian Information Commissioner
Canada Office of the Privacy Commissioner of Canada
Information and Privacy Commissioner of British Columbia
Information and Privacy Commissioner of Alberta
Estonia Estonian Data Protection Inspectorate
Finland Office of the Data Protection Ombudsman
France Commission Nationale de L’Informatique et des Libertes
Germany Federal Data Protection Commission
Data Protection Commissioner of Berlin
Data Protection Commissioner of Rhineland-Palatinate (Rheinland-Pfalz)
Data Protection Supervisory Authority of Bavaria
Data Protection Commissioner of Hesse
Hong Kong Office of the Privacy Commissioner for Personal Data
Ireland Office of the Data Protection Commissioner
Macao Office for Personal Data Protection, Government of Macao
Macedonia Directorate for Personal Data Protection
New Zealand Office of the Privacy Commissioner
Norway Data Protection Authority
United Kingdom Information Commissioner’s Office
United States Federal Trade Commission

[1] 2011 Asia Pacific Privacy Authorities Privacy Awareness Week online privacy survey