Many privacy policies are long, complex: OAIC

The Australian privacy commissioner has revealed the results of a global privacy sweep, with more than half of the websites examined failing to meet the requirements set out by the upcoming Privacy Act reforms.

The Office of the Australian Information Commissioner (OAIC) has examined the privacy policies of the most commonly accessed websites in Australia and found most wanting, with 83 percent having at least one privacy-related issue.

Nearly 50 of the most popular websites in Australia had their privacy policies evaluated on readability, relevance, and accessibility, and were measured against the reforms in the Privacy Act that are due to come into effect on March 12, 2014.

Announcing the results on Wednesday, Australian Privacy Commissioner Timothy Pilgrim said, "It is a concern that nearly 50 percent of website privacy policies were difficult to read. On average, policies were over 2,600 words long. In my view, this is just too long for people to read through. Many policies were also complex, making it difficult for most people to understand what they are signing up to.

"With only eight months to go until new privacy laws commence, organisations should be looking at their privacy policies now to ensure they comply with the new requirements. Organisations need to focus on these requirements and be open and transparent about their privacy practices."

Despite Australian Attorney-General Mark Dreyfus warning organisations in April to prepare for the changes to the Privacy Act, OAIC revealed that more than 65 percent of the privacy policies examined on the as yet unnamed websites contain irrelevant and confusing information, with almost half being difficult to read. Fifteen percent have policies that are difficult to find, and one site did not even have a policy.

The privacy commissioner also addressed issues in regards to accessibility.

"Privacy policies need to be accessible by all users. This means that policies should be in formats that can be read by people using assistive technologies like a screen reader."

Under the new Australian Privacy Principle 1, organisations must have a current and readable privacy policy. The sweep found that presently, the average age for readability is 16, with none of the policies meeting the OAIC's recommended age of 14.

In April, a survey of business and government agencies commissioned by internet security company McAfee found that many were largely unaware of the impending changes to the Privacy Act.

"Now is the time to change existing systems and practices, and begin to get your staff familiar with the new regime. The sooner these changes are embedded, the easier it will be to comply with the new measures in March 2014," Attorney-General Dreyfus said at the time.

Announced in May , the international "privacy sweep" was an enterprise of the Global Privacy Enforcement Network (GPEN). Other participants included government privacy organisations from France, Germany, Canada, the UK, the US, New Zealand, Honk Kong, Ireland, Finland, and Norway.

Globally, 2,186 websites were searched, with 31 percent of the policies examined found to have dubious readability; 28 percent of policies including irrelevant information; 21 percent of sites found to have no privacy policy; 23 percent of websites having difficult-to-find policies; and 19 percent of sites having no discernible way to contact them.

Half of all websites examined had at least one privacy issue identified.

Show Comments