On May 6, 2013, the Global Privacy Enforcement Network (“GPEN”) announced its first “Internet Privacy Sweep,” in which 19 data protection authorities are participating. This joint effort, which runs May 6-12, 2013, involves a review of the information notices posted online by major websites.
The French Data Protection Authority (“CNIL”) is participating in this initiative and has announced that it would subject 250 top websites to further scrutiny.
According to the CNIL, the purpose of the review is to examine whether web users are properly informed of:
- the types of personal data collected;
- the purposes for which the data are collected;
- whether personal data are transferred to third parties; and
- whether web users can object to the transfer of their personal data to third parties.
The CNIL also considered whether this information was provided in clear and plain language such that web users can easily understand the notice.
The CNIL may carry out more detailed reviews if its initial findings reveal serious breaches of the French Data Protection Act. It also is possible that other data protection authorities that are participating in the Internet Sweep may take similar action.