Even in the lazy days of summer, the world of privacy doesn't rest.
This week, the Office of the Privacy Commissioner of Canada and global data protection and competition authorities revealed the results of their latest Global Privacy Enforcement Network "sweep."
Every year, GPEN data protection authorities choose a theme, examine the practices of various organizations, and share their conclusions, along with best practices. This year, more than 1,000 websites and mobile apps were scrutinized, and a staggering 97% were found to use deceptive design patterns. Canadian regulators focused on 67 sites and apps targeting children.
Here are the deceptive practices the OPC's portion of the sweep uncovered:
- Complex Language: Policies and notices filled with confusing, university-level jargon.
- Interface Interference: Emotionally charged language to nudge users toward less privacy-protective choices.
- Nagging: Repeatedly asking users to reconsider deleting their accounts.
- Obstruction: Creating hurdles for accessing privacy settings, personal information or account deletion.
- Forced Actions: Requiring more personal info to delete an account than when it was created.
Check out the OPC's announcement and Privacy Commissioner Philippe Dufresne's informative and engaging little video about this year's GPEN work.
And remember that while the sweeps aren't formal investigations, I do think it's worth it for us, as privacy pros, to pay close attention to their outcomes. In this case, we learn quite a bit about what practices the regulators find particularly offensive, especially when they are used on websites and apps that engage children.
I've spent approximately 25 years drafting privacy notices and helping clients come to market with products and services that comply with our privacy laws and best practices. Paying attention to things like the sweep has simply been good due diligence, while the information provides a great learning tool. I hope you take the time to pay attention as well.
I think it's also noteworthy to think about the global cooperation among the various data protection authorities that took part in the study. It reminds me of Commissioner Dufresne's remarks a few weeks ago at the IAPP leadership retreat. He spoke about the need for more, not less, cooperation amongst digital regulators in order to reduce some entropy in the industry and replace it with some regulatory cohesion, clarity and order.
Have a great summertime weekend.
Kris Klein, CIPP/C, CIPM, FIP, is the managing director for Canada at the IAPP.