The Office of the Data Protection Commissioner (the DPC) recently volunteered to participate in the Global Privacy Enforcement Network’s (GPEN) internet privacy sweep along with other privacy enforcement authorities in Australia, Canada, Estonia, Finland, France, Germany, Hong Kong, Macao, New Zealand, Norway, UK, & USA.
The privacy sweep carried out by the DPC entailed an audit of 79 organisations in an effort to assess their privacy practices, as outlined in the privacy policies on their websites or within their mobile applications.
The DPC stated that the results of the Internet sweep conducted by his Office were encouraging in terms of the finding that of the 79 websites reviewed, 48 scored a score of 5 or more, whilst 14 achieved the top score of 6.
However the DPC noted that the chief finding that 21% of the websites and mobile applications reviewed internationally had no privacy policy available was "a significant cause for concern". Enforcement authorities are taking follow-up action directly with these organisations. It was also found that many websites contained brief over-generalised statements about privacy while offering no actual details on how organisations were collecting and using customer information. In addition, the privacy policies of mobile applications were found to lag behind traditional websites.
The privacy sweep should serve as a reminder to organisations to ensure they review their privacy policies regularly and update them, when necessary, to reflect any changes in the way the organisation processes personal data.