Websites and apps collecting personal information could do much better in telling people that they are doing it, why they are doing it and how securely the information will be held.
Commenting on the results of the first Global Privacy Enforcement Network (GPEN) Internet Privacy Sweep, Shroff says the sweep or survey of websites and apps is an example of international privacy enforcement authorities working together.
“We looked at whether a new user coming to the site could read the policy and have a fair idea about whether their personal information was being collected, what it would be used for, and whether it would be shared with third parties," she says.
Shroff believes there is a lot of room for improvement however, with the implementation of simple things such as the contact details of a privacy officer.
When privacy terms and conditions are stated on many websites in New Zealand and internationally, the strong focus is on legally protecting the company, and not on providing information about consumer rights.
“The websites that collect information from people need to be less defensive and become more pro-active in shifting the emphasis on informing consumers about their information, why it is necessary to collect it and how it will be protected," she says.
The goals of the initiative included: increasing public and business awareness of privacy rights and responsibilities; encouraging compliance with privacy legislation; identifying concerns which may be addressed with targeted education and/or enforcement; and enhancing cooperation amongst privacy enforcement authorities.
Shroff says the purpose of the sweep was not to conduct an in-depth analysis of the transparency of each website, but to replicate the consumer experience by spending a few minutes per site checking for performance against a set of common indicators.
The amalgamated international results from the GPEN internet sweep [DOCX, 40 KB] are now available.
The objective is to consider further international and domestic action to encourage improved information for website users and also to make website users aware of their rights when websites solicit personal information.
Information about the Global Privacy Enforcement Network (GPEN) can be found by clicking here