The Global Privacy Enforcement
Network recently published the results of its second
annual privacy enforcement survey or "sweep" which
assessed the transparency of the privacy practices of popular
mobile applications. The results of the sweep suggest that the
privacy policies of a high proportion of mobile applications do not
adequately explain how users' personal information is
collected, used and disclosed. The general conclusion of the sweep
was that clear and concise language in privacy policies builds
consumer trust and is good for business.
The Office of the Privacy Commissioner of Canada (Commissioner)
participated in the sweep and focused on 151 mobile applications
that were popular among Canadians. The key findings of the
Commissioner are as follows:
28% of the applications surveyed
provided a clear explanation of their collection, use and
disclosure of personal information practices;
26% of the applications surveyed
users' personal information would be collected, used or
among the applications with the best
privacy practices were popular applications in the
Tips for mobile application privacy policies
In connection with the sweep, the Commissioner released a guide for communicating
privacy practices to mobile application users. The three primary
messages contained in the guide are as follows:
order to obtain a meaningful consent from a user, a mobile
and easy to read. It should provide specific notifications to users
at key decision points, such as during registration or at the point
of purchase, and should be written in a manner that is
understandable to the application's user base.
Explain the data you are
should provide specific information in respect of how the
application will use the permissions it seeks. If an application
should explain what, if any, information made available by such
social media services is collected by the application and how it
will be used and/or disclosed.
Make, and keep, privacy
information accessible. An application's privacy
policy should also be accessible through the application's
functionality – forcing users to exit the application to link
to the application's website in order to view the privacy
policy is cumbersome and unnecessary. If an application utilizes
pop-ups at key decision points to convey privacy information or
obtain consents, the application should contain functionality that
enables a user to re-visit the information that was contained in
the pop-up after the pop-up is dismissed.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).