Enforcement sweep of website and apps for children
12 May 2015
On 11th May, 28 privacy regulators including those in US, UK and Canada will begin a review of websites and apps used by children, as part of an international project to review privacy compliance.
Each regulator will review 50 websites and apps, looking particularly at what information they collect from children, how that is explained, and what parental consent is sought. The websites and apps will include those specifically targeted at children, as well as those frequently used by children.
A combined by report the Global Privacy Enforcement Network will be published in the autumn. Privacy regulators will also consider action against any website or app that is found to be breaking the law.
Steve Eckersley, Head of Enforcement at the UK Information Commissioner’s Office, said: “Anyone with children knows how many websites and apps are now targeted at them, and how popular they are with children. That’s true from Canada to Columbia, and the same concerns exist around what information the companies behind these services are gathering. In the UK, we’re clear that apps and websites should not gather more personal data than they require, and operators should be upfront about how and why they collect information and how they use it. These principles are true whatever the audience, but they are especially true where children are concerned. This research should give us a valuable insight into whether companies in the UK are operating compliantly, as well as how that fits with what is happening around the world.”
Providers of websites and apps that interact with children must provide transparent and plain language privacy notices for children and their parents in order to explain how any personal data is being collected, used and shared. Children are unlikely to think about their privacy and there is an onus on service providers to be responsible with the way they interact with children and their personal data. There are, however, so many new apps that are used by children that are not always compliant with data protection and data security laws, and this “sweep” is a wake-up call!