The Privacy Commissioner’s Office will be participating in the second Global Privacy Enforcement Network (GPEN) mobile sweep next week, surveying commonly used New Zealand apps, as well as overseas apps.

This year, 27 privacy enforcement authorities are participating in the sweep – up from 19 in 2013. Each participating country will check for any privacy issues emerging in a variety of mobile applications. GPEN was established to foster cross-border cooperation among privacy authorities.

Mobile apps, many of which collect a great deal of personal information, have been identified as a key area of focus in light of the privacy implications for consumers.

Some of the privacy concerns that have emerged include:

  • whether consumers are clearly informed about the types of personal information an app collects and uses
  • why that data is needed, and
  • collection of information beyond what is needed for an app function.

During sweep week, participants will review some of the most popular apps as well as apps of particular interest to their jurisdiction.  For example, some participants plan to focus on health-related apps or apps developed by public sector organisations.

Among other things, sweep participants will be looking at:

  • the types of permissions an app is seeking
  • whether those permissions are reasonable in terms of the app’s functionality
  • whether the app explains why it wants the personal information, and
  • what the app will do with the information.

The goals of the Sweep include increasing public and business awareness of privacy rights and responsibilities and identifying specific concerns so that they may be addressed with targeted education and/or enforcement.

The global results of this year’s Sweep will be made public by September 2014.

Participants in the 2014 Sweep

Australia

Office of the Australian Information Commissioner

Office of the Victorian Privacy Commissioner

Belgium

Privacy Commission of Belgium

Canada

The Office of the Information and Privacy Commissioner of Alberta

Office of the Information and Privacy Commissioner for British Columbia

Office of the Privacy Commissioner of Canada

China

Office of the Privacy Commissioner for Personal Data, Hong Kong SAR

Office for Personal Data Protection, Macao SAR

Colombia

Superintendence of Industry and Commerce of Colombia

Estonia

Estonian Data Protection Inspectorate

Finland

Office of the Data Protection Ombudsman

France

Commission Nationale de l'Informatique et des Libertés

Germany

Commissioner for Data Protection Baden-Württemberg

Data Protection Supervisory Authority of Bavaria

Berlin Data Protection Commission

Federal Commissioner for Data Protection and Freedom of Information

Data Protection Commissioner of Hessen

Gibraltar

Gibraltar Regulatory Authority

Hungary

National Authority for Data Protection and Freedom of Information

Ireland

Office of the Data Protection Commissioner of Ireland

Israel

The Israeli Law, Information and Technology Authority (ILITA)

Italy

Italian Data Protection Authority

Mexico

Federal Institute for Access to Information and Data Protection

New Zealand

Office of the Privacy Commissioner

Norway

Norwegian Data Protection Authority

Spain

Spanish Data Protection Authority

United Kingdom

The Information Commissioner's Office

Information about the Global Privacy Enforcement Network (GPEN) can be found here: https://www.privacyenforcement.net/.

A pdf copy of this media advisory is available here [PDF, 455 KB].

ENDS

 

For further information contact: Charles Mabbett 021 509 735

Note for Editors

2013 Sweep Highlights

The theme of the first Privacy Sweep 2013 was Privacy Practice Transparency, and highlighted shortcomings in how some organisations provide online information about their privacy practices. 

Globally, almost one quarter (23 percent) of the more than 2,000 websites and mobile apps examined as part of the 2013 Sweep had no privacy policy available.  Approximately one-third of the privacy policies found raised concerns about the relevance of the information in them.

The 2013 Sweep found that mobile app privacy policies lagged behind those found on traditional websites.Some 92 percent of mobile apps reviewed in the sweep raised one or more concerns with respect to how they present information about their privacy practice, and 54 percent had no privacy policy at all.