The Data Protection Commissioner (DPC) recently took part in a global ‘Privacy Sweep’ of websites and mobile apps designed to assess the privacy practices in place. A “significant cause for concern” for the DPC is that 21% of the websites/apps reviewed worldwide had no privacy policy in place at all.

The DPC volunteered to take part in the Privacy Sweep which was organized by the Global Privacy Enforcement Network and involved nineteen data protection authorities around the world, including the UK, US, France and Germany. The exercise involved reviewing websites/apps to examine whether there was a privacy policy in place and, if so, whether or not it was easy to access and read. 14 out of the 79 companies whose websites/apps were reviewed by the DPC scored top marks, including Marks and Spencer and TG4. However, four of the Irish websites/apps reviewed had no privacy policy in place and the vast majority had some issue with either “find-ability”, “contact-ability” or “readability”.

Nonetheless, the DPC was on the whole encouraged by the results and stated that he intends to carry out more online audits and intends to take follow-up actions against operators where any issues arise. Follow-up action is particularly likely where a website/app has no privacy policy available for users or where contact details are not available.

The Privacy Sweep and the DPC’s comments about future follow-up action should alert website/app operators to the importance of having a readable and easily accessible privacy policy available for users to read.