Results of the first GPEN Internet Privacy Sweep

The first "sweep", an internet study of the Global Privacy Enforcement Network (GPEN), took place from 6 to 12 May 2013. Eighteen data protection authorities from around the world participated in the initiative, in which transparency was key. Transparency is one of the basic principles of data protection enshrined in the legislation of various countries.

The aim of the sweep was not to check how transparent every individual website is about privacy protection, nor to draw up a complete list of privacy issues. Its main focus was how users experience information on privacy protection when visiting a particular website, since this is very useful for future awareness raising by data protection authorities.

Global trends

Although the GPEN members found websites with adequate privacy policies, the sweep unfortunately also revealed a number of issues:

  • for 21% of the 1 883 websites and apps involved in the study, there was no privacy policy at all;
  • in some cases the website only contained a very general statement on privacy protection, lacking details about the way in which the organisation collected and used its customers' personal data;
  • proportionately, more large than small and medium-size organisations publish privacy policies on their websites;
  • in quite a few privacy policies standard paragraphs were discovered, which are not adapted to the privacy protection rules in force on the territory in which the organisation works;
  • approximately 38% of the privacy policies examined were difficult to read. They were often a simple copy of privacy legislation;
  • privacy policies for apps are not yet as well developed as those for websites: for over half (54%) of the apps in the study there was no privacy policy, and in some cases the organisation only provided a link to the privacy policy on its website, which did not include specific information about the use of personal data by the app.

An adequate privacy policy: this is what it looks like

  • It contains information that can easily be found and which is brief, clear and pleasant to read, for example in a table or edited as FAQs;
  • The contact details of the person in charge of privacy protection are clearly communicated and this person can be contacted in more than one way, for example by letter, at a free phone number or by e-mail.

Follow-up of the initiative

The GPEN members have committed to taking into account the sweep's results for their awareness raising campaigns. At any rate, a new sweep has been planned for 2014.