Article
Read more
22/05/2024Partner Carl Rohsler announces the publication of In Depth Gambling Law, published by Lexology
Memery Crystal Partner and leading gambling expert, Carl Rohsler, announces the publication of the ninth… Read more
Opinion.
Concerns raised by the GPEN over children’s privacy
16/09/2015
At a glance
The Global Privacy Enforcement Network (GPEN), a network of more than 50 privacy enforcement authorities from over 40 countries, recently co-ordinated an internet sweep, where 29 authorities, including the UK Information Commissioners Office (ICO), reviewed websites and mobile apps targeted at, or that were popular among, children.
The aim of the sweep was to establish if websites and mobile apps were collecting personal information from children, and if so, the amount and type of information, the safeguards and controls in place regarding any collection of personal data and whether communications of this collection was tailored appropriately to a young audience.
In detail
Results of the sweep
The results of the privacy sweep were alarming. Approximately 41% of the 1,494 websites and mobile apps reviewed did not having acceptable controls in place and the GPEN considered that there was a ‘lack of information in privacy notices on how the information would be used’.
Other results from the review included:
- 67% of the websites and apps reviewed were collecting personal information from children.
- Half of the websites and apps shared personal information with third parties.
- Only 31% of the websites and apps had effective controls in place to limit the collection of personal information from children.
- 22% of the websites and apps provided an opportunity for children to give their phone number and 23% of websites and apps allowed them to provide photos or a video.
- 58% of the websites and apps offered children the opportunity to be redirected to a different website.
- Only 24% of the websites and apps encouraged parental involvement.
- 71% of the websites and apps did not offer an accessible means for deleting account information.
Privacy authorities also noted concerns around the inappropriate nature of some advertisements on websites and apps aimed at children.
What now?
It is understood that privacy authorities will now consider whether further action is required against specific websites and apps, and whether or not there are cases that should be addressed by co-ordinated international action.
The ICO has announced that it will write to those website and mobile app publishers that caused concern, setting out clear instructions on the changes that will need to be made in order to comply with data protection laws. The ICO has not ruled out enforcement action against those that do not comply with its instructions.
What does this mean for websites and mobile apps targeted at children?
Greater care is needed when dealing with the personal information of children, so website and mobile app publishers should avoid using generic privacy policies and tailor them appropriately so that users know what data is being collected, why it is being collected and how this information will be used. The ICO highlighted the need for protective controls, such as parental dashboards, and pre-set avatars and/or usernames to prevent children inadvertently sharing their own personal information.
Guidance for website and app publishers targeting children
- Review what types of personal data you are collecting from children and ensure that it is necessary and not excessive.
- Personal data collected should only be processed in line with the purpose for which it was provided.
- Privacy policies should be tailored to the relevant audience (i.e. made easy for children to understand) and set out how a user can delete their account information.
- It should be easy to access a privacy policy from a website and mobile app. A link to the policy should also be placed at the point where the personal data is being entered.
- Look to obtain parental consent. In particular, we would recommend this where the collection of personal information is likely to result in:
- disclosure of a child’s name and address to a third party;
- use of a child’s contact details for marketing purposes;
- publication of a child’s image on a website that anyone can see;
- making a child’s contact details publicly available; or
- the collection of personal data about third parties, for example, where a child is asked to provide information about his or her family members or friends.
- If adverts are displayed on a website or app they should be appropriate for children.
Closing thoughts
The results of GPEN’s privacy sweep show that websites and apps are failing to adhere to the data protection laws, both at a domestic and international level. It is clear that the ICO will not stand back and continue to allow websites and mobile apps to operate in this way and changes to websites and privacy policies will be required.
If you are concerned that you might not be fully compliant of your data protection obligations and would like further advice then please contact a member of our team.
Tim Ryan
This publication is not intended to be a comprehensive review of data protection obligations related to websites and mobile apps targeted at children.
Related articles
Article
Read more
26/10/2023The Gambling Law Review/Lexology audio series: Partner Carl Rohsler explores the legal difference between financial investment and gambling.
In this five-part audio series in association with The Gambling Law Review and Lexology, Partner and renowned gambling… Read more
Article
Read more
06/10/2023The Gambling Law Review/Lexology audio series: Partner Carl Rohsler discusses how cultural views shape gambling laws.
In this five-part audio series in association with The Gambling Law Review and Lexology, Partner… Read more