Those were some of the findings of a review of the privacy policies of over 300 Canadian websites conducted by Privacy Commissioner Jennifer Stoddart and her staff and released Tuesday, along with a blog post highlighting "good," "bad," and "ugly" examples.
Two "ugly" examples highlighted in a blog post on her website Tuesday were the fast-food chain A&W Canada, which collects photos and personal information such as dates of birth, but "offers nothing but a blanket promise of compliance with the law;" and Paternity Testing Centers of Canada, which collects "sensitive DNA samples," but promises only that "every test performed is strictly confidential."
"At the other extreme, we saw long, legalistic policies that simply regurgitated — word for word in some cases — federal privacy legislation,” Stoddart said in a statement. "Neither approach is helpful to Canadians — nor necessary, as demonstrated by the many privacy policies we saw that were able to strike a balance between transparency and concision."
"And that email address is…?" the blog post asked. "Well, we couldn't find it."
Tim Hortons, Tripadvisor, Allstate and IKEA Canada policies were highlighted by the review as "positive examples of transparency" that provide "information that real people would actually want to know."
App privacy policies particularly lacking
The results of the Canadian review were combined with those from 18 other privacy enforcement authorities around the globe, covering 2,186 websites and 90 mobile apps, as part of the first Global Privacy Enforcement Network Internet Privacy Sweep, conducted May 6-12.
- Mobile apps with privacy policies often linked to websites that didn't specifically address the collection and use of information within apps.
- 33 per cent of websites had privacy policies that lacked relevant information, such as details about how information was collected and used.
- 31 per cent of websites had privacy policies that weren't very readable, often because they quoted directly from legislation.