Blog and News

Concerns over websites and apps aimed at children

Ross McLoughlin - 11 September 2015

Concerns over websites and apps aimed at children

The Global Privacy Enforcement Network (GPEN) is a group of privacy regulators whose mission is to improve the cooperation in enforcement of cross-border laws affecting privacy.  In their third annual “Privacy Sweep”, twenty nine data protection authorities across 21 countries (including Ireland) reviewed 1,494 website and mobile apps that were popular among children.  The aim of the report was to determine:

  • Whether apps and websites are collecting personal information from children,
  • What personal information is being collected,
  • Whether protective controls exist to effectively limit the collection,
  • Whether the information can be easily deleted

Globally, the report found that:

  • 67% of websites and apps collect personal information, e.g., name, chat function, photo, video, audio, address, phone number, from children
  • 51% of websites disclosed personal information to third parties
  • 58% of websites and apps reviewed redirected children redirected their users to other websites – where personal information was collected.  This redirection was via ad or a contest that sometime appeared as part of the website or app
  • 71% did not offer an accessible means of deleting account information
  • 24% requested some form of parental involvement and only 14% had a parental dashboard

The Office of the Data Protection Commissioner (Ireland) focussed on just 18 websites and apps.  The results for Ireland can be found here.

John Rogers, Senior Investigations Officer who coordinated the Irish Privacy Sweep:

"Our findings from the Sweep are of concern and we feel that websites and apps being targeted at children need to improve greatly in terms of children’s privacy".

"Excessive data sought, lack of user information and lack of parental controls were among the issues identified.  We now intend to carry out a more details examination of the sites / apps of concern and contact then requesting remedial action where necessary."

Previous Post

IVI Autumn Summit 2015 and DP-CheckPoint

Next Post

Murphy’s Law in the Internet of Things