1 in 5 websites lacks info on data protection

PARIS - A fifth of the world's websites and mobile- phone applications provide no information on how, or if, they protect users' personal data, a French watchdog said on Tuesday.

In collaboration with 19 countries, France's national data-protection agency, CNIL, conducted an audit of more than 2,000 of the world's most popular websites and apps in May to evaluate how they inform users of their data-collection practices.

"More than 20 per cent of the websites and mobile applications audited supply no information to their visitors in regard to their policies on data protection, even though these sites or applications collect personal information," the agency said in a statement.

"For mobile applications alone, this number even reached 50 per cent."

In cases when such policies are not communicated, users "do not have the means to control their data", CNIL said. It added that, even when such policies are available, they are often too general or too focused on specific technical aspects, such as cookies.

Internet services routinely install small bits of software, called cookies, on users' computers to store identifying information and to track Internet behaviour.

All the authorities involved in the audit complained that essential information was often withheld, such as the purpose of the data collection or whether the information would be passed on to a third party.

They also pointed to the practice of "drowning" policies on data protection in general-conditions statements.

In France, where CNIL said it had audited 250 websites, it found "99 per cent of them collected data of private character".