An international project aimed at understanding how websites and apps collect and share children’s personal information had mixed results.
Of the 1,494 websites and apps analyzed around the globe, 67 percent were found to collect children’s personal information and 50 percent shared information with other organizations.
The Office of the Information and Privacy Commissioner was one of 29 information and data protection regulators to have participated in the Global Privacy Enforcement Network’s (GPEN) annual privacy sweep, which focused on children’s online privacy this year.
“This global sweep provides a unique opportunity for us to collaborate with international information and data protection authorities on issues of mutual concern, such as this year’s focus on children’s privacy,” said Jill Clayton. “Each day, more people become aware of the massive amounts of their personal information being shared between organizations. These statistics on children’s personal information may provide parents and guardians with a moment of reflection to ask, ‘Why do organizations want to know this much about my child? What are the potential benefits or harms to my child? How can I have more control over my child’s personal information?’”
Of the websites and apps examined, results included:
- 67 percent collected children’s personal information
- 31 percent had effective controls in place to limit the collection of personal information from children
- 50 percent shared personal information with third parties
- 22 percent provided an opportunity for children to give their phone number
- 23 percent allowed users to upload photos or video
- 58 percent offered children the opportunity to be redirected to a different website
- 24 percent encouraged parental involvement
- 71 percent did not offer an accessible means for deleting account information
The project did find that some websites and apps were providing effective protective controls, such as parental dashboards, and pre-set avatars or usernames to prevent children from inadvertently sharing their own personal information. Other exemplars included chat functions which allowed children to only choose words and phrases from pre-approved lists, and use of just-in-time warnings to deter children from unnecessarily entering personal information.
Of the 1,494 websites and apps reviewed internationally, 20 websites and apps from Alberta-based organizations were reviewed. Encouraging in the data from Alberta was that 14 of the 20 websites did not collect individually identifying personal information except for website cookies and IP addresses.
GPEN aims to improve global enforcement cooperation around privacy legislation. This is the third annual sweep, and follows reports on the transparency of websites and mobile privacy.
A lesson plan for students in Grades 7 and 8 was also developed to allow them to conduct their own sweep to learn about what “personal information” is, why websites and apps collect it, and how better to protect online privacy.
About the GPEN
The Global Privacy Enforcement Network was established in 2010 upon recommendation by the Organisation for Economic Co-operation and Development. Its aim is to foster cross-border cooperation among privacy regulators in an increasingly global market in which commerce and consumer activity relies on the seamless flow of personal information across borders. Its members seek to work together to strengthen personal privacy protections in this global context. The informal network is comprised of 57 privacy enforcement authorities in 43 jurisdictions around the world.