NDIS Criterion
MEDIA, JOBS & RESOURCES FOR THE COMMON GOOD
NEWS  |  Politics

Website Privacy Policies Too Complex


Tuesday, 27th August 2013 at 11:55 am
Staff Reporter, Journalist
A significant majority of website ‘privacy’ policies examined by the Office of the Australian Information Commissioner (OAIC) are too long and complex.

Tuesday, 27th August 2013
at 11:55 am
Staff Reporter, Journalist


0 Comments


FREE SOCIAL
SECTOR NEWS

 Print
Website Privacy Policies Too Complex
Tuesday, 27th August 2013 at 11:55 am

A significant majority of website ‘privacy’ policies examined by the Office of the Australian Information Commissioner (OAIC) are too long and complex.

The Privacy Commissioner has released the results of a ‘privacy sweep’ of the websites most used by Australians. The sweep was part of the first international internet privacy sweep, an initiative of the Global Privacy Enforcement Network (GPEN).

Almost 50 website privacy policies were assessed for accessibility, readability and content. The websites were also assessed against new transparency requirements in the Privacy Act that will come into effect on 12 March 2014.

Australian Privacy Commissioner, Timothy Pilgrim, said the results of the sweep were mixed with 83% of the sites having one or more issues around: 'easy to find', 'easy to read', 'contacts for further information', relevance and length.

'It is a concern that nearly 50% of website privacy policies were difficult to read. On average, policies were over 2,600 words long.

“In my view, this is just too long for people to read through. Many policies were also complex, making it difficult for most people to understand what they are signing up to," Pilgrim said.

'We did see some instances where organisations provided both a simplified and full policy to assist their customers to understand what will happen to their personal information. This attempt to use 'layered' privacy policies is encouraging."

The sweep also found that over 65% of privacy policies provided information that was not relevant to the handling of personal information, and was potentially confusing. One website did not have a privacy policy.

The Privacy Commissioner also reminded organisations that, in addition to readability and length, it was important to consider accessibility issues.

"Privacy policies need to be accessible by all users. This means that policies should be in formats that can be read by people using assistive technologies like a screen reader," Pilgrim said.

'With only 8 months to go until new privacy laws commence, organisations should be looking at their privacy policies now to ensure they comply with the new requirements. Organisations need to focus on these requirements and be open and transparent about their privacy practices.

“This will give people a better understanding of how their personal information will be handled so that they can make an informed decision about doing business with the organisation."

To comply with new Australian Privacy Principle 1, organisations must have a clearly expressed and up to date privacy policy. The OAIC will use the sweep findings to inform the development of guidance about privacy policies for organisations in the lead up to March 2014.

The OAIC examined the top sites most visited by Australians (sourced from Alexa.com). Some key trends observed by the OAIC included:

  • 15% had a privacy policy that was hard to find on the website

  • 9% of sites reviewed either listed no privacy contact or it was difficult to find contact information for a privacy officer

  • Almost 50% of policies raised 'readability' issues, ie they were considered to be too long and difficult to read

  • The average reading age of the policies was 16. None of the full privacy policies met the OAIC's preferred reading age level of 14. The OAIC used the Flesch-Kinkaid Reading Ease test

  • More than 65% of privacy policies raised concerns with respect to the relevance of the information provided.  For example, some sites with .au domain names were unclear about whether the site complied with the Privacy Act 1988.

The first Global Privacy Enforcement Network (GPEN) Internet Privacy Sweep took place from 6 to 12 May 2013.

19 privacy enforcement authorities from around the globe participated in the first GPEN Internet Privacy Sweep.  

The OAIC says the Sweep did not involve an in-depth analysis of the transparency of each website's privacy practices, but sought to replicate the consumer experience by spending a few minutes per site checking for performance against a set of criteria.

“The Sweep was not an investigation, nor was it intended to conclusively identify compliance issues or legislative breaches. Rather, it was meant to help participating authorities identify sites or mobile phone apps which may warrant further assessment or follow-up after the Sweep and/or identify trends which might guide future education and outreach.”

The Office of the Australian Information Commissioner has also released the new Australian Privacy Principles (APP) Guidelines for consultation. The Guidelines outline how the OAIC will interpret and apply the APPs, which are central to new privacy laws that will commence on 12 March 2014.


Staff Reporter  |  Journalist |  @ProBonoNews


FEATURED SUPPLIERS


Helping the helpers fund their mission…...

FrontStream Pty Ltd (FrontStream AsiaPacific)

Brennan IT helps not-for-profit (NFP) organisations drive gr...

Brennan IT

Yes we’re lawyers, but we do a lot more....

Moores

HLB Mann Judd is a specialist Accounting and Advisory firm t...

HLB Mann Judd

More Suppliers


YOU MAY ALSO LIKE

Report Calls for Government to Defend Democracy

Wendy Williams

Thursday, 8th June 2017 at 8:50 am

Half a Million Red Cross Donors’ Personal Data Leaked

Ellie Cooper

Friday, 28th October 2016 at 4:14 pm

POPULAR

Disability Advocacy Group Fights to Restore State Funding

Luke Michael

Thursday, 9th November 2017 at 8:37 am

Red Cross Moves to Wage-Based Fundraising Model

Lina Caneva

Thursday, 16th November 2017 at 8:30 am

New Same-Sex Marriage Bill Looks to Protect Faith-Based Charities

Luke Michael

Monday, 13th November 2017 at 5:25 pm

Donors Looking for a Personalised Experience to Give More – Study

Lina Caneva

Wednesday, 8th November 2017 at 1:43 pm

Write a Reply or Comment

Your email address will not be published. Required fields are marked *


NDIS Criterion
pba inverse logo
Subscribe Twitter Facebook

The social sector's most essential news coverage. Delivered free to your inbox every Tuesday and Thursday morning.

You have Successfully Subscribed!