Data protection agencies ring alarm bells over apps and children’s privacy
Members of the Global Privacy Enforcement Network (GPEN) have raised concerns over the amount of data collected by apps and websites with 67 per cent apps and sites collecting personal information of children.
GPEN has raised questions over 41 per cent of the 1,494 websites and apps considered, particularly around how much personal information was collected and how it was then shared with third parties. The 29 data protection regulators who are members of the GPEN carried out a Privacy Sweep to look at websites and apps targeted at, or popular among, children.
They found that 67 per cent of sites/apps examined collected children’s personal information while only 31 per cent of sites/apps had effective controls in place to limit the collection of personal information from children.
GPEN said that particularly concerning was that many organisations whose sites/apps were clearly popular with children simply claimed in their privacy notices that they were not intended for children, and then implemented no further controls to protect against the collection of personal data from the children who would inevitably access the app or site
Further, 50 per cent of sites/apps shared personal information with third parties; 22 per cent of sites/apps provided an opportunity for children to give their phone number; and 23 per cent of sites/apps allowed them to provide photos or video. The potential sensitivity of this data is clearly a concern
The Privacy Sweep also found that 58 per cent of sites/apps offered children the opportunity to be redirected to a different website with only 24 per cent of encouraging parental involvement.
The analysis also found that 71 per cent of sites/apps did not offer an accessible means for deleting account information.
The project did find examples of good practice, with some websites and apps providing effective protective controls, such as parental dashboards, and pre-set avatars and/or usernames to prevent children inadvertently sharing their own personal information. Other good examples included chat functions which only allowed children to choose words and phrases from pre-approved lists, and use of just-in-time warnings to deter children from unnecessarily entering personal information.
The Information Commissioner’s Office (ICO), UK looked at 50 websites domestically, with similar results to the international picture. While the project focused on privacy practices, authorities also noted concerns around the inappropriate nature of some advertisements on websites and apps aimed at children.
Authorities will now consider whether further action is needed against the specific sites and apps they looked at in their country, and whether or not there are cases that should be addressed by coordinated international action.
Adam Stevens, who heads up the ICO’s intelligence hub, said: “These are concerning results. The attitude shown by a number of these websites and apps suggested little regard for how anyone’s personal information should be handled, let alone that of children.”
“We’ll now be writing out to the sites and apps that caused us concern, making clear the changes we expect them to make. We wouldn’t rule out enforcement action in this area if required.”