The Global Privacy Enforcement Network (GPEN) is organizing an international privacy sweep between 12 and 18 May 2014, specifically targeted at mobile applications, involving 27 data protection authorities around the world .
The privacy sweep targeted at apps follows the first privacy sweep conducted in May 2013, where 19 participating data protection and privacy enforcement authorities around the world searched the Internet in a coordinated effort to assess privacy issues related to a common theme: “Privacy Practice Transparency”. Following completion of the privacy sweep, the data protection authorities met to discuss any common findings, and later held further individual discussions with certain data controllers to discuss in detail which steps can be taken to ensure compliance. Many of these data controllers agreed to make significant changes to their privacy policies in order to incorporate local law requirements and suggested best practices.
Following this first privacy sweep, the Global Privacy Enforcement Network, an organization established by the OECD governments to foster cross-border co-operation among data protection authorities, and consisting of 40 national and regional data protection and privacy enforcement authorities, is aiming its arrows at apps this time around. 27 data protection and privacy enforcement authorities from around the world (including in countries which are not a member of the GPEN), will participate in the second privacy sweep, which is said to focus on mobile app privacy and how apps collect and use personal data. The participating authorities originate from Australia, Belgium, Canada, China, Colombia, Estonia, Finland, France, Germany, Gibraltar, Hungary, Ireland, Israel, Italy, Mexico, New Zealand, Norway, Spain and the UK.
Among the issues to be examined are above all how apps comply with the transparency principle (how does the app explain to the users why personal data is collected and how and why this will be used), the types of consent sought by the app from the user, and whether those consents surpass what is required for the functionality of the app. The goal of the privacy sweep is not to sanction data controllers who are in breach with local privacy laws, but instead to assist the app operators (and developers) to comply with the requirements. The plans for this privacy sweep originated from the concern and practical finding that privacy policies offered on apps are often very lengthy and are rarely read by the user.
The participating authorities will examine some of the more popular apps, as well as apps that are of particular interest in their country or region (such as for instance health related apps). Depending on the respective country or region, the privacy sweep may target both the public and private sector. The results of the second privacy sweep will be aggregated and findings are expected to be published by the fall of 2014.