Global Privacy Enforcement Network targets apps in second online Sweep
OTTAWA, May 6, 2014
OTTAWA, May 6, 2014 /CNW/ - The exploding popularity of mobile
applications is raising a number of privacy concerns, prompting the
Global Privacy Enforcement Network (GPEN) to focus its 2014
international Privacy Sweep on mobile apps.
The Sweep from May 12 to 18, 2014, involving 27 privacy enforcement
authorities from around the world, is aimed at shedding light on the
collection and use of personal information on mobile apps.
"The number of mobile applications offered to consumers is growing at an
astonishing rate and many of them collect a great deal of personal
information," says Chantal Bernier, Interim Privacy Commissioner of
"It is important that consumers have the information necessary to really
understand what they are agreeing to when they install an app on their
mobile device. App developers need to be transparent and offer clear,
easy-to-understand privacy information."
Sweep participants will be looking at the types of permissions an app is
seeking, whether those permissions exceed what would be expected based
on the app's functionality, and most importantly from a transparency
perspective, how the app explains to consumers why it wants the
personal information and what it will do with it.
Participating authorities will look at some of the most popular apps or
apps that are of particular interest in their country or region. For
example, some authorities plan to focus on health-related apps or apps
developed by public sector organizations.
This year, 27 authorities will participate in the sweep, compared to 19
in 2013. The GPEN initiative is aimed at encouraging organizations to
comply with privacy legislation and to enhance co-operation between
privacy enforcement authorities. Concerns identified during the Sweep
will result in follow-up work such as outreach to organizations and/or
Participants of the first GPEN Privacy Sweep in 2013 assessed the online
transparency of organizations in informing consumers about their
privacy practices. As part of that initiative, the Office of the
Privacy Commissioner of Canada followed up with a number of
organizations, including insurance companies, financial institutions
and media companies, regarding their privacy policies. Many of them
agreed to make significant changes to their privacy policies in order
to incorporate PIPEDA requirements and suggested best practices.
The Global Privacy Enforcement Network (GPEN) connects privacy
enforcement authorities to promote and support co-operation in
cross-border enforcement of laws protecting privacy.
The results of the 2014 sweep will be compiled and we expect they will
be made public by the fall of 2014.
About the Office of the Privacy Commissioner of Canada
The Privacy Commissioner of Canada is mandated by Parliament to act as
an ombudsman and guardian of privacy in Canada. The Commissioner
enforces two federal laws for the protection of personal information:
the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to commercial activities in the Atlantic
provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec,
Alberta and British Columbia each has its own law covering the private
sector. Even in these provinces, PIPEDA continues to apply to the
federally regulated private sector and to personal information in
interprovincial and international transactions.