Out-Law News | 16 Aug 2013 | 4:29 pm | 2 min. read
A 'sweep' of more than 2,000 websites and mobile apps conducted by 19 different data protection authorities (DPAs) around the world found "significant shortcomings" in the way businesses displayed and detailed information in privacy policies, the Information Commissioner's Office (ICO) said.
The sweep took place in May and was co-ordinated by the Global Privacy Enforcement Network (GPEN). The ICO looked at 250 websites belonging to large companies in a review designed more to "replicate the consumer experience by spending a few minutes on each website" rather than taking the form of an "in-depth analysis", the watchdog said.
The data protection authority in Canada was among the other watchdogs to participate in the sweep operation. Jennifer Stoddart, Privacy Commissioner of Canada, cited some examples of problematic privacy policies her office had identified.
"Neither approach is helpful to Canadians – nor necessary, as demonstrated by the many privacy policies we saw that were able to strike a balance between transparency and concision," Stoddart added.
When the ICO announced that the sweep operation was taking place in May, it said that too many companies were using the privacy policies they publish "to protect themselves rather than inform the public" about the collection and use of personal data.
Stevens said that the watchdogs had noted some best practice examples in its sweep. He said privacy policies should be set out in "plain language" which the average consumer could easily understand and read. The policies should also contain subheadings, short paragraphs, FAQs and tables to help with the easiness with which they can be read, he added.
Companies should also publish contact details for individuals responsible for privacy practices with their organisation and should tailor their privacy policies for inclusion within mobile apps or on mobile sites, Stevens added.