The Global Privacy Enforcement Network (GPEN) is a group of privacy regulators whose mission is to improve cooperation in the enforcement of cross-border laws affecting privacy. In their third annual “Privacy Sweep”, twenty-nine data protection authorities across 21 countries (including Ireland) reviewed 1,494 websites and mobile apps that were popular among children. The aim of the report was to determine:
- Whether apps and websites are collecting personal information from children,
- What personal information is being collected,
- Whether protective controls exist to effectively limit the collection,
- Whether the information can be easily deleted
Globally, the report found that:
- 67% of websites and apps collect personal information, e.g., name, chat function, photo, video, audio, address, phone number, from children
- 51% of websites disclosed personal information to third parties
- 58% of websites and apps reviewed redirected children redirected their users to other websites – where personal information was collected. This redirection was via ad or a contest that sometimes appeared as part of the website or app
- 71% did not offer an accessible means of deleting account information
- 24% requested some form of parental involvement and only 14% had a parental dashboard
The Office of the Data Protection Commissioner (Ireland) focussed on just 18 websites and apps.
John Rogers, Senior Investigations Officer who coordinated the Irish Privacy Sweep:
"Our findings from the Sweep are of concern and we feel that websites and apps being targeted at children need to improve greatly in terms of children’s privacy".
"Excessive data sought, lack of user information and lack of parental controls were among the issues identified. We now intend to carry out a more details examination of the sites/apps of concern and contact then requesting remedial action where necessary."
