08/13/2013 16:54 EDT | Updated 10/13/2013 05:12 EDT

A&W, Bell Media rapped over internet privacy policies

Canadians who want to know how their personal information is being used by the websites they visit should perhaps steer clear of fast food chain A&W and the Paternity Testing Centres of Canada. And those who have questions about the privacy policy for and other Bell Media websites may have trouble finding someone to ask.

Those were some of the findings of a review of the privacy policies of over 300 Canadian websites conducted by Privacy Commissioner Jennifer Stoddart and her staff and released Tuesday, along with a blog post highlighting "good," "bad," and "ugly" examples.

A survey of 1,500 Canadians conducted by the commissioner's office last year and released in January suggested that 81 per cent of respondents believe it is very important for websites to inform users about what kinds of personal information they collect and how they use it, and that 68 per cent had chosen not to use a site or service because they were uncomfortable about the terms of its privacy policy.

Almost 10 per cent of Canadian websites reviewed had no privacy policy, while some policies "offered so little transparency to customers and site visitors that the sites may as well have said nothing on the subject," Stoddart reported.

Two "ugly" examples highlighted in a blog post on her website Tuesday were the fast-food chain A&W Canada, which collects photos and personal information such as dates of birth, but "offers nothing but a blanket promise of compliance with the law;" and Paternity Testing Centers of Canada, which collects "sensitive DNA samples," but promises only that "every test performed is strictly confidential."

"At the other extreme, we saw long, legalistic policies that simply regurgitated — word for word in some cases — federal privacy legislation,” Stoddart said in a statement. "Neither approach is helpful to Canadians — nor necessary, as demonstrated by the many privacy policies we saw that were able to strike a balance between transparency and concision."

The report noted that about 20 per cent of websites either didn't list anyone to contact about privacy questions or made it difficult to find contact information for questions about their privacy policy.

In the case of, The and other Bell Media websites, listed by the blog post as "bad," visitors are invited to email if they have questions, comments or suggestions about the company's privacy policy.

"And that email address is…?" the blog post asked. "Well, we couldn't find it."

Tim Hortons, Tripadvisor, Allstate and IKEA Canada policies were highlighted by the review as "positive examples of transparency" that provide "information that real people would actually want to know."

App privacy policies particularly lacking

The results of the Canadian review were combined with those from 18 other privacy enforcement authorities around the globe, covering 2,186 websites and 90 mobile apps, as part of the first Global Privacy Enforcement Network Internet Privacy Sweep, conducted May 6-12.


- 21 per cent of websites and 54 per cent of mobile apps had no privacy policy at all.

- Mobile apps with privacy policies often linked to websites that didn't specifically address the collection and use of information within apps.

- 33 per cent of websites had privacy policies that lacked relevant information, such as details about how information was collected and used.

- 31 per cent of websites had privacy policies that weren't very readable, often because they quoted directly from legislation.