In the week commencing 12 May, members of the Global Privacy Enforcement Network (GPEN) will conduct an online privacy sweep, focusing on the transparency with which mobile apps collect personal data.
GPEN is an informal network of 27 Data Protection Authorities (“DPAs”) that was established in 2007. Its members include the UK’s ICO, France’s CNIL, Spain’s AEPD, Canada’s OPC and the U.S. FTC.
The network’s tasks are to:
- Support joint enforcement initiatives and awareness campaigns
- Work to developed shared enforcement policies
- Share best practices in addressing cross-border challenges
- Discuss the practical aspects of privacy law enforcement co-operation
The sweep is part of an effort to ensure that consumers are fully aware of the ways in which apps gather and use personal data. To this end, DPAs will focus on the level of permission requested by apps, the way in which the permission is requested and the purposes for which personal data are used. The DPAs will focus in particular on whether the level of permission requested by the app is what would be expected of an app of its type, or whether it appears excessive.
This is the second time that GPEN has conducted an Internet privacy sweep. In May 2013, DPAs from 19 jurisdictions carried out a sweep of websites and apps and their privacy policies. This looked at (1) was there a privacy policy? (2) was it easy to find? (3) was it easy to read and understand? This led to regulators following up with a number of organisations, including insurance companies, financial institutions, and media companies, resulting in some substantial changes being made to their privacy policies.
The results of the 2014 sweep are expected to be published later this year.