The Office for Personal Data Protection (GPDP) urged website administrators Thursday to improve their protection of users’ personal data.
The office said in a statement that officials looked into 60 websites serving local residents – including 15 sites run by SJM, Wynn Resorts, Galaxy Entertainment Group (GEG), MGM Resorts, Melco Crown Entertainment and the Venetian Macau – in May where they examined the websites’ level of protection of personal data.
According to the office, their action was part of an international effort called Internet Privacy Sweep, co-ordinated by the Global Privacy Enforcement Network (GPEN).
The statement cited by The Macau Post Daily said that based on the criteria laid out by the GPEN, the office found that of the 60 websites scrutinised by its officials, 34 did not have any privacy policies or relevant information available to Internet users when registering to access.
The office said that while the remaining 26 websites had contact information and privacy policies that were easy to find on their websites, 12 of them do not clarify the terms and conditions, such as using too many legal terms that Internet users might find confusing. The office also found that these websites’ statements on privacy policies are too long.
The office added in the statement that the websites’ privacy policies did not specify how they will handle users’ personal data, especially whether the data will be transferred to third parties for marketing purposes.
This means that including the 34 websites that the officials found not to have any privacy policies when users sign in, 46 out of the 60 websites failed to meet the standards set by the GPEN to safeguard users’ privacy.
The statement further revealed that about half of the 26 websites that have privacy policies did not clearly provide information on users’ rights when they submit their personal data.
The office added that only 23 of the 60 websites its officials looked into were actually based in Macau, while the rest of them were based in Australia, mainland China, Hong Kong, Singapore, and the United States.
It concluded that websites that are based outside Macau might transfer local Internet users’ personal information elsewhere, advising administrators to at least reveal their websites’ privacy policies and state in a simple and clear manner how they will handle users’personal information.(macaunews)