(11 May 2015) The Office of the Privacy Commissioner for Personal Data ("PCPD") joined the Global Privacy Enforcement Network ("GPEN") to conduct a "Privacy Sweep" ("Sweep") from 11 to 15 May 2015, examining websites and mobile applications ("apps") for issues related to youth privacy. The theme was chosen as many privacy enforcement authorities have identified youngsters as a key area of focus, given the proliferation of websites and mobile apps targeted this vulnerable group.
The GPEN1 was established to foster cross-border cooperation among privacy enforcement authorities. This year, 28 privacy enforcement authorities from around the world (full list at Appendix), including the PCPD, participated in the Sweep to broaden public and business awareness of privacy rights and responsibilities; identify privacy concerns which need to be addressed; and encourage compliance with privacy legislation. Online privacy issues have been the PCPD's major focus in recent years. Similar exercises were conducted in 2013 and 20142 that looked at privacy issues associated with the use of local mobile apps.
The PCPD recognises that youngsters are the most active users of computers, smartphones and social networks. Acting Privacy Commissioner for Personal Data, Ms Fanny Wong, said, "The topic of youth privacy is of great importance to privacy enforcement authorities. Youngsters are frequently identified as one of the most vulnerable groups. Many parents worry about their children's online privacy, and are concerned that youngsters put themselves at risk of harassment and solicitation by revealing personal data, usually to marketers or to strangers on social networking sites. Whether youngsters are provided with an appropriate level of protection online remains an ongoing issue for privacy enforcement authorities."
In view of the widespread use of websites and mobile apps in Hong Kong, the PCPD will select those that primarily target youngsters to better understand the type of personal data being collected through these platforms.
"This Sweep exercise is significant, because it will not only reveal how websites and mobile apps that target youngsters collect their personal data, but also assesses whether: these platforms seek parental involvement, they allow users to be redirected to another site, they make it easy to delete personal data, and privacy communications are tailored to the appropriate age group through approaches such as simple language, large print, audio or animation," said Ms Wong. "We hope the privacy of youngsters can be further safeguarded after conducting this examination."
The results of this year's Sweep will be compiled and made public in autumn this year. Concerns identified during the Sweep may result in follow-up work, such as education and promotion, outreach to organisations and/or enforcement action.
- End -
2 Media statements about the Sweep results in 2013 and 2014:
Appendix – List of Participants in the 2015 Sweep
|
Country/Region |
Name of the Privacy Enforcement Authority |
|---|---|
| Argentina | National Directorate for Personal Data Protection of Argentina |
| Australia | Office of the Australian Information Commissioner |
| Victoria, Australia | Office of the Commissioner for Privacy and Data Protection, Victoria, Australia |
| Belgium | Privacy Commission of Belgium |
| Canada | Office of the Privacy Commissioner of Canada |
| Alberta, Canada | Office of the Information and Privacy Commissioner of Alberta |
| British Columbia, Canada | Office of the Information and Privacy Commissioner for British Columbia |
| Quebec, Canada | Commission d'accès à l'information |
| Colombia | Superintendence of Industry and Commerce of Colombia |
| Estonia | Estonian Data Protection Inspectorate |
| France | Commission Nationale de l'Informatique et des Libertés |
| Germany | Federal Commissioner for Data Protection and Freedom of Information |
| Bavaria, Germany | Data Protection Supervisory Authority of Bavaria |
| Berlin, Germany | Berlin Data Protection Commissioner |
| Hessen, Germany | Data Protection Commissioner of Hessen |
| Gibraltar | Gibraltar Regulatory Authority |
| Ireland | Office of the Data Protection Commissioner |
| Israel | Israeli Law, Information and Technology Authority |
| Italy | Garante per la protezione dei dati personali (Italian Data Protection Authority) |
| Mexico | Federal Institute for Access to Information and Data Protection |
| Norway | Norwegian Data Protection Authority |
| New Zealand | Office of the Privacy Commissioner |
| Republic of Macedonia | Directorate for Personal Data Protection |
| United Kingdom | United Kingdom Information Commissioner's Office |
| United States | Federal Communications Commission |
| United States | Federal Trade Commission |
| Macao SAR | Office for Personal Data Protection |
| Hong Kong SAR | Office of the Privacy Commissioner for Personal Data, Hong Kong |