Kids’ apps and websites set for scrutiny by ICO and other privacy watchdogs

Children's data privacy.Privacy watchdogs in 29 countries, including the UK, Germany and France, are set to look at how websites and apps aimed at children collect personal information, and whether they comply with data protection laws.

The watchdog collective – known as the Global Privacy Enforcement Network (GPEN) – will report on its findings in the autumn.

As part of the global review, the UK Information Commissioner’s Office (ICO) will analyse 50 sites and apps used by children, including “those specifically targeted at children, as well as those frequently used by children.”

If, as part of the review, the ICO discovers any websites or apps that are breaking the Data Protection Act (DPA), it says it will consider taking appropriate enforcement action.

The DPA requires organisations that collect data to adhere to eight principles for data use, retention, storage and transfer – and violations of the law could lead to fines of up to £500,000 (approx $780,000).

In a statement the ICO’s Head of Enforcement, Steve Eckersley, said:

Anyone with children knows how many websites and apps are now targeted at them, and how popular they are with children. That's true from Canada to Colombia, and the same concerns exist around what information the companies behind these services are gathering.

In the UK, we're clear that apps and websites should not gather more personal data than they require, and operators should be upfront about how and why they collect information and how they use it.

In a similar study last year, GPEN analysed 1211 apps, concluding that 85% of those apps were failing to explain how they were collecting, using and disclosing personal information.

Over half of the apps in the GPEN study left users unable to discover basic privacy information and one in three appeared to request an excessive number of permissions to access personal information.

As Eckersley says, the principles of privacy and data protection are of greater significance where children are concerned:

These principles are true whatever the audience, but they are especially true where children are concerned. This research should give us a valuable insight into whether companies in the UK are operating compliantly, as well as how that fits with what is happening around the world.

The ICO’s drive to ensure that developers of kids’ apps and websites are respecting the law is comparable to enforcement actions in the US.

The US Federal Trade Commission (FTC) published a report in 2012 claiming that many children’s apps were collecting large amounts of personal information and sharing that data with third parties, all without the knowledge or consent of parents.

In January 2014, the FTC settled with Apple for $32.5 million after arguing that its app-buying process was not as clear as it could have been.

Then, in September 2014, the FTC settled with Google for $19 million over claims that it was far too easy for children to make in-app purchases.

In the UK, the ICO has issued guidelines for app developers to stay compliant with UK data protection laws.

The document details how apps should inform users about collection and use of their data, and explains that children’s apps should use language a child can understand.

If you’re a parent and concerned about what your kids are getting up to online, you might also like to check out our article on 7 apps and websites you should be aware of.

Image of child using smartphone courtesy of Shutterstock.