Earlier this year the UK Information Commissioner’s Office (ICO), along with 28 other data protection regulators from around the world, announced an investigation into how websites and apps – squarely aimed at children – were collecting and sharing personal information.
The results are now in.
In an announcement yesterday, the ICO explained how the overall picture painted by the international investigation was not a pretty one.
The collection of watchdogs, collectively known as the Global Privacy Enforcement Network (GPEN), said 41% of the 1494 apps and websites it examined raised concerns over how data was being collected and shared with third parties.
The privacy sweep found many apps and websites were playing fast and loose with personal information – with just over 2 in 3 collecting childrens’ names and email addresses.
The ICO and its partners also discovered how only 31% of sites and apps were taking proactive measures to limit data collection from children.
Especially alarming, it said, were the number of child-centric services that passed off a failure to implement additional safeguards against collecting kids’ data by waiving responsibility through privacy policies that stated they were not designed for use by minors.
Given the publicity attracted by recent high-profile data breaches and the consequences for those whose personal information was subsequently leaked, it may, perhaps, concern parents to learn that around half of the sites examined by GPEN were happily and willingly sharing their children’s data with third parties.
Also, considering the occasionally dark nature of the world we live in, anyone with responsibility for a child’s welfare may well not like the revelation that just under 1 in 4 sites and apps gave kids the opportunity to upload their photo or add video clips. 22% of the services looked at also allowed youngsters to hand over their phone numbers.
Sadly, despite the potential problems posed by allowing children to share too much data, only 24% of the tested apps and websites encouraged any sort of parental oversight.
What’s more, should a concerned adult discover that their offspring is revealing too much personal information, the options for remedying the situation are few and far between – with 71% of the investigated services making it difficult or impossible to delete accounts.
Adam Stevens, head of the ICO’s intelligence hub said:
These are concerning results. The attitude shown by a number of these websites and apps suggested little regard for how anyone's personal information should be handled, let alone that of children.
Fortunately, it’s not all bad news – the ICO says the project did find some examples of websites and apps offering effective controls. The privacy regulator observed examples of good practice including parental dashboards, pre-configured usernames and avatars (which remove the temptation to enter identifying images and real names), as well as chat rooms which control the range of language permissible on the site, in addition to offering warnings when children attempted to input personal information.
Speaking for the ICO, Stevens said he hopes letters sent to the offending UK websites and app developers will be sufficient to persuade them to make the required changes. Should that not be the case, the Commissioner has not ruled out enforcement action where necessary – a breach of the Data Protection Act and its eight principles for data use, retention, storage and transfer could land a firm with a fine of up to £500,00 (approx $764,000).
The US Federal Trade Commission (FTC), another member of GPEN, is also making efforts to protect kids from unwarranted data collection and sharing.
In 2012, the FTC published a report which said that many kids’ apps were collecting far more data than necessary and then sharing it with third parties. This, it said, all took place without parents’ knowledge or consent.
More recently, in January 2014, the FTC came to a $32.5 million settlement with Apple after arguing that its app-buying process could have been much clearer.
In a similar settlement in September 2014, Google handed over $19 million to the FTC over claims that it was too easy for children to make in-app purchases.
If stories about child privacy concern you – and, if you are a parent, they probably should do – there is much you can do to protect your kids both on the internet and through the apps that they use.
A good place to start would be by educating yourself on where your kids go online.
Familiarise yourself with these 7 popular apps and websites that parents should be aware of. Also, while Facebook may not be the go-to place for teenagers, it is still worth checking out our safety tips for the world’s largest social network.
And, given the popularity of smartphones and tablets, these 10 tips for keeping devices secure may also prove useful.