Sep 04 - GRA Raises Concerns About Children's Privacy Online

Along with other privacy enforcement authorities from around the world, the Gibraltar Regulatory Authority, as the Data Protection Commissioner, reviewed websites and mobile applications to identify issues relating to children’s privacy.

The project raised concerns about 41% of the 1,494 websites and apps considered, particularly around how much personal information was collected and how it was then shared with third parties.

Results included:

  •   67% of sites/apps examined collected children’s personal information.

  •   Only 31% of sites/apps had effective controls in place to limit the collection of personal information from children. Particularly concerning was that many organisations whose sites/apps were clearly popular with children simply claimed in their privacy notices that they were not intended for children, and then implemented no further controls to protect against the collection of personal data from the children who would inevitably access the app or site.

  •   Half of sites/apps shared personal information with third parties.

  •   22% of sites/apps provided an opportunity for children to give their phone number and 23% of sites/apps allowed them to provide photos or video. The potential sensitivity of this data is clearly a concern.

  •   58% of sites/apps offered children the opportunity to be redirected to a different website.

  •   Only 24% of sites/apps encouraged parental involvement.

  •   71% of sites/apps did not offer an accessible means for deleting account information.

Together with results from a local survey undertaken earlier this year, which suggests that young persons are very active on websites and apps, the Commissioner considers the results of this year’s Global Privacy Enforcement Network (“GPEN”) Privacy Sweep worrying.

The Commissioner considers that children are in the process of developing their physical and psychological maturity, and therefore require more protection than other persons; this principle applies to data protection. It is therefore important for data controllers to recognise the vulnerability of a child who is yet to develop their physical and psychological maturity, and to aim to compensate for this by providing adequate protection and care. Data controllers need to act fairly in a manner that recognises the vulnerability of a child, and only process personal data that is adequate, relevant and not excessive, respecting the best interests of the child.

The Commissioner will work on the issues identified with its counterparts internationally. Authorities will consider whether further action is needed against the specific sites and apps reviewed, and whether or not there are cases that should be addressed by coordinated international action.

While the project focused on privacy practices, authorities also noted concerns around the inappropriate nature of some advertisements on websites and apps aimed at children.

The project did find examples of good practice, with some websites and apps providing effective protective controls, such as parental dashboards, and pre-set avatars and/or usernames to prevent children inadvertently sharing their own personal information. Other good examples included chat functions which only allowed children to choose words and phrases from pre-approved lists, and use of just-in-time warnings to deter children from unnecessarily entering personal information.

GPEN aims to improve global enforcement cooperation around privacy legislation. This is the third annual sweep, and follows reports on the privacy practice transparency of websites and mobile privacy.

This year’s GPEN Privacy Sweep saw 29 data protection regulators around the world look at websites and apps targeted at, or popular among, children. 
