Office of the Privacy Commissioner | Sweep finds children’s websites could do more to protect users
An international project looking at websites and apps used by children has raised concerns over the personal information they collect.
The project raised concerns about 41 percent of the 1,494 websites and apps that were reviewed, particularly around how much personal information was collected and how it was shared with third parties.
The Global Privacy Enforcement Network (GPEN) Sweep involved 29 data protection regulators, including the Office of the Privacy Commissioner in New Zealand, reviewing websites and apps targeted at, or popular with, children. The coordinated sweep was held during May 2015.
Results included:
- 67 percent of the sites/apps examined collected children’s personal information
- only 31 percent of sites/apps had effective controls in place to limit the collection of personal information from children. Particularly concerning was that many organisations whose sites/apps were popular with children simply claimed in their privacy notices that they were not intended for children, and then implemented no further controls to protect against the collection of personal data from the children who would inevitably access the app or site
- half of sites/apps shared personal information with third parties
- 22 percent of sites/apps provided an opportunity for children to give their phone number and 23 percent of sites/apps allowed them to provide photos or video. The potential sensitivity of this data is a concern
- 58 percent of sites/apps offered children the opportunity to be redirected to a different website
- Only 24 percent of sites/apps encouraged parental involvement; and
- 71 percent of sites/apps did not offer an easy way to delete account information.
Examples of good practice
The project did find examples of good practice, with some websites and apps providing effective protective controls, such as parental dashboards, and pre-set avatars and/or usernames to prevent children inadvertently sharing their own personal information.
Other good examples included chat functions which only allowed children to choose words and phrases from pre-approved lists, and use of just-in-time warnings to deter children from unnecessarily entering personal information.
While the project focused on privacy practices, authorities also noted concerns around the inappropriate nature of some advertisements on websites and apps aimed at children.
GPEN aims to improve global enforcement cooperation around privacy legislation. This is the third annual sweep, and follows reports on the privacy practice transparency of websites and mobile privacy.
About the Global Privacy Enforcement Network (GPEN)
GPEN was established in 2010 upon recommendation by the Organisation for Economic Co-operation and Development. Its aim is to foster cross-border cooperation among privacy regulators in an increasingly global market in which commerce and consumer activity relies on the seamless flow of personal information across borders. Its members seek to work together to strengthen personal privacy protections in this global context. The informal network is comprised of 57 privacy enforcement authorities in 43 jurisdictions around the world.
A copy of this media release is available here.
The GPEN Sweep International Report is here.
The GPEN Sweep Summary Results Table here.
For further information, contact Charles Mabbett or Sam Grover on 021 509 735.