The Office of the Privacy Commissioner of Canada has completed a global privacy sweep that spotlighted the implementation of child-friendly practices on websites and mobile applications to guard children’s online privacy.
The OPC coordinated the sweep with the United Kingdom Information Commissioner’s Office and the the Office of the Data Protection Authority of the Bailiwick of Guernsey. Twenty-six data protection and privacy authorities in Canada and worldwide participated in the sweep, which checked 876 websites and apps.
The Global Privacy Enforcement Network sweep determined how websites and apps obtained children’s personal information and examined their transparency regarding privacy practices, age-assurance mechanism use, and utilization of privacy protective controls to restrict data collection.
“To become active and responsible digital citizens, children and youth need to be able to explore and experiment online with confidence and autonomy, knowing that it is a safe space for them. This is why it is so important that organizations respect children’s fundamental right to privacy by building strong privacy and data protections directly into products and services that are used by children,” Philippe Dufresne, Canada’s privacy commissioner, said in a statement.
The sweep findings revealed that 45 percent of websites and apps implemented age-assurance mechanisms; however, the mechanisms could be bypassed in 72 percent of these, typically when self-declaration was the applied age-assurance mechanism.
Fifty-nine percent of websites and apps required users to input their email addresses to optimize platform use. Fifty percent requested username creation while 46 percent required geolocation.
Thirty-five percent of websites and apps contained content inappropriate for children – just 35 percent of these issued privacy communications urging parental involvement and 27 percent had parental dashboards.
Thirty-eight percent of websites and apps possessed high-risk data processing and design features; among these, only 35 percent prompted parental involvement and 25 percent incorporated parental dashboards.
Sweep participants said they were uncomfortable with children accessing 41 percent of all the websites and apps reviewed. Nonetheless, they noted that children were cautioned to not use real names or upload images; location services were also typically disabled.
A similar sweep was conducted in 2015.