Out-Law News 2 min. read
03 Sep 2015, 4:14 pm
A global privacy 'sweep' of websites and apps targeted at or popular among children by 29 data protection authorities from around the world highlighted poor privacy practices, the Information Commissioner's Office (ICO) said.
As part of the probe, the UK's data protection watchdog reviewed 50 websites. It said that the main concern it had was a lack of transparency over proposed use of data by site operators.
"The most common concern domestically was a lack of information being provided about how their information would be used," Adam Stevens, head of the ICO’s intelligence hub, said. "We saw generic privacy policies that simply weren’t specific enough, and some without any information at all, which isn’t good enough."
"We’ll now be writing out to the sites and apps that caused us concern, making clear the changes we expect them to make. We wouldn’t rule out enforcement action in this area if required," he said.
The ICO has issued guidance on what app developers can do to stay compliant with UK data protection laws.
In total, 1,494 apps and websites were assessed in the global privacy sweep that took place in May this year. More than two thirds of those apps and websites collected personal data (67%) and a majority "are collecting personal information from children – some of which can be particularly sensitive – and sharing it with third parties", Canada's data protection authority said.
Daniel Therrien, Canada's privacy commissioner, said: "Too many developers are collecting particularly sensitive personal information such as photos, videos and the location of children, and often allowing it to be posted publicly, when there are clearly ways to avoid it."
"Given the large number of apps and websites that say they may disclose the information to third parties, it raises questions about the appropriateness of tracking children for the purposes of, for example, advertising. It also raises all sorts of questions about the potential for harm to both reputation and well-being."
The ICO said that less than a third of websites and apps reviewed by the privacy watchdogs had "effective controls in place to limit the collection of personal information from children". It said that whilst many site and app operators stated in privacy notices that their services were not intended for children, they failed to implement "further controls to protect against the collection of personal data from the children who would inevitably access the app or site".
Both the ICO and the Office of the Privacy Commissioner of Canada said that the exercise had revealed good practices in places.
The ICO said there were examples of "protective controls" being deployed. These included "parental dashboards, and pre-set avatars and/or usernames to prevent children inadvertently sharing their own personal information", it said. Some apps and sites had also implemented "chat functions which only allowed children to choose words and phrases from pre-approved lists", the watchdog said.
The use of 'just-in-time' pop-up warnings by some operators was also praised by the ICO for helping "deter children from unnecessarily entering personal information".
However, as well as unnecessary collection and sharing of children's data, the privacy sweep had also highlighted that some adverts that appear on some apps and websites aimed at children are of an "inappropriate nature", the ICO said.