(7 May 2013) The Office of the Privacy Commissioner for Personal Data ("PCPD") joins the Global Privacy Enforcement Network ("GPEN") to conduct an Internet Privacy Sweep ("the Sweep") from 6 May to 12 May 2013 to assess the openness and transparency of corporate data users in their collection and use of personal information online.
The GPEN is a network of privacy enforcement authorities from around the globe working together to protect the privacy rights of individuals. 19 privacy enforcement authorities (see full list at Appendix), including PCPD, are participating in the Sweep with a view to increasing public and business awareness of privacy rights and responsibilities; identifying privacy concerns which need to be addressed; and encouraging compliance with privacy legislation.
In view of the widespread use of smartphone apps in Hong Kong, the PCPD will examine the availability, accessibility and readability of privacy policies and Personal Information Collection Statement ("PICS") that local popular smartphone apps communicate to the users upon installation of the apps.
Mr Allan Chiang, Privacy Commissioner for Personal Data of Hong Kong said, "In the Internet era, modern commerce and consumer activity increasingly relies on the seamless flow of personal information across jurisdictions with different privacy laws and enforcement arrangements. Privacy has become an international issue and requires an international response."
"We are pleased to participate in this meaningful global initiative. Transparency is a fundamental privacy principle common to privacy laws around the world to ensure users can make meaningful decisions in exercising control over their own information. To be open and transparent about the collection and use of personal information in a mobile environment is a real challenge to the apps providers in view of the small-screen mobile space and intermittent user attention. These design features clearly aggravate the difficulty in reaching users with the right information about their privacy rights, in a form they could understand and at the right time for them to make informed choices."
The Sweep will reveal how the apps providers fare in this regard. The Sweep results will be announced in July/August this year. Concerns identified during the Sweep could result in follow-up work such as outreach to organisations and/or enforcement actions.
- End -
Appendix – List of Participating Privacy Enforcement Authority(s) (PEAs)
| Country/Region |
Name of the PEAs |
|---|---|
| Australia | Office of the Australian Information Commissioner |
| Canada |
|
| Estonia | Estonian Data Protection Inspectorate |
| Finland | Office of the Data Protection Ombudsman |
| France | Commission Nationale de l'Informatique et des Libertés |
| Germany |
|
| Hong Kong | Office of the Privacy Commissioner for Personal Data |
| Ireland | Office of the Data Protection Commissioner |
| Macao | Office for Personal Data Protection, Government of Macao |
| Macedonia | Directorate for Personal Data Protection |
| New Zealand | Office of the Privacy Commissioner |
| Norway | Data Protection Authority |
| United Kingdom | Information Commissioner's Office |
| United States | United States: Federal Trade Commission |