Global Information Technology & Communications
Canada - Canadian Office of the Privacy Commissioner releases results of GPEN mobile apps privacy sweep
On September 10, 2014, the Office of the Privacy Commissioner of Canada (“OPC”) released its findings and general guidance following a recent “privacy sweep” of mobile apps. The OPC conducted the review in collaboration with its counterparts within Canada and internationally, all participating in the second annual Global Privacy Enforcement Network (“GPEN”) Privacy Sweep.
In conjunction with its findings, the OPC released “Ten Tips” to provide guidance on the effective communication of privacy practices to app users. These tips are focused on the following general themes:
1. Transparency: According to the OPC, privacy information should come directly from the app provider, be specific rather than generic, and speak to the relevant audience and be tailored to the applicable communication channels.
2. Explanation of the data requested and collected: According to the OPC, app providers should describe how they use the permissions sought, explain the data gathered through social media logins, and be aware of the distinction between permission to “access” and consent to collect, use or disclose information.
3. Making privacy information accessible on an ongoing basis: According to the OPC, an app should provide privacy information even if it does not collect any personal information; it should also include privacy information and/or a link thereto within the app, and allow individuals to revisit privacy information such as through use of “just-in-time” notifications.
The GPEN was formed in 2012 further to a recommendation of the OECD Council to foster the establishment of an informal network of privacy enforcement authorities, and counts some 20 national privacy authorities among its members. The sweep of mobile apps follows on a similar “Internet Privacy Sweep” in 2013, to assess the privacy practices of various websites based on a theme of “Privacy Practice Transparency”. The GPEN conducted both sweeps in furtherance of its stated mission to promote the exchange of information, dialogue, and cooperation among participating privacy authorities and organizations having a role in privacy enforcement.
For more information, please contact Theo Ling, Arlan Gates, Lisa Douglas or Eva Warden.