The Office of the Australian Information Commissioner (OAIC) has assessed the transparency of online privacy policies from Australia’s top-visited websites in the first international ‘internet privacy sweep’.
The sweep, which took place last month, investigated the readability, accessibility and content of 50 government and private sector websites, ahead of changes that will tighten Australian privacy laws next year.
The Australian privacy commissioner, Timothy Pilgrim, says Australians are expressing a growing concern over the private information they’re expected to provide online. “Organisations need to be clear about what they’re going to do with people’s personal information,” he says.
“People often go ahead and agree, and enter into arrangements with organisations…if they haven’t read the policies fairly closely, then they might find that their information is being used in ways they hadn’t expected.”
In a 2011 survey conducted by the Asia Pacific Privacy Authorities, 62 per cent of the respondents admitted they don’t read privacy terms and conditions because they are too long or too difficult to understand.
In addition, a third weren’t sure how to use their privacy settings and 46 per cent said they were uncomfortable about targeted marketing based on their online activities.
Leonie Smith, a cyber-safety educator and ambassador for National Cyber Security Awareness Week 2013, says it’s not surprising that people get confused about what they’re agreeing to.
“You can Google the privacy policies and you’ll probably find that there have been articles attempting to break them down into language you can understand,” she says. “But the thing you really need to do is to be very careful about what it is that you give over to the particular platforms that you’re using. For example, if it’s Facebook, that if they are selling your details on to third parties that you’re happy with that.”
Last month’s sweep assessed privacy policies against amendments to Australian privacy law that will come into effect in March 2014. The changes include the introduction of a new set of privacy principles that all government agencies and organisations covered by the Privacy Act must comply with.
In particular, organisations will need to have privacy policies that provide for the ‘open and transparent management of personal information.’ For Commonwealth government agencies, these new principles will replace a set that has been in place for 25 years.
The results of the sweep, due for release in July, will be used by the OAIC to educate and advise organisations who need to change their privacy policies to comply with the new transparency requirements next year.
In the meantime, another amendment has been put to Parliament that, if passed, will require companies to notify their customers and the OAIC when sensitive personal information is hacked or lost.
Despite the many challenges of the online world, Mr Pilgrim says the 2014 amendments are designed to be flexible in the face of rapidly developing technology.
“It is certainly a challenge, which is why we’ve had law reform to amend the Privacy Act,” he says.
“But one of the key features of the Australian Privacy Act is that it’s based around what’s called principle-based law … So it’s written in general terms about the broad ways that personal information should be handled, regardless of whether it’s being collected on an old paper form or online. The requirements are still the same.”