The third annual privacy sweep conducted by the Global Privacy Enforcement Network (GPEN), a cross-border network of privacy regulators, has yielded good news and bad news for children’s apps and websites. The bad news—a May 2015 GPEN survey raised privacy concerns about 41% of the 1,494 children’s apps and websites examined. The United Kingdom Information Commissioner’s Office (ICO) expressed particular concerns about children’s apps and sites that collect more information than needed to provide their intended service and those that share information with third parties. The ICO also noted that such services frequently failed to disclose how they used the collected information, with many using generic privacy policies. The report did, however, cite several examples of good practices, such as centralized “dashboards” for parental controls and settings that limited how much information children could share.
For its part in the global sweep, the FTC released a follow-up to its December 2012 report on children’s mobile app privacy. The report found that the percentage of apps that link to their privacy policy before downloading rose from 20% in 2012 to 45% in 2015. The report cited several possible reasons for the improvement, including a January 2013 update to the Children’s Online Privacy Protection Act (COPPA) regulations that broadened the definition of children’s “personal information” to include photos, videos, audio recordings, and persistent online identifiers. The Apple app stores also now requires apps in its “Kids” category to provide a direct link to a privacy policy. However, the FTC continues to emphasize that there is “more work to be done” to remedy the “significant portion of kids’ apps [that] still leave parents in the dark about the data collected about their children.” More findings from the report will be released in the coming weeks.
The GPEN sweep findings reflect the persistent concerns of regulators around the world about children’s online privacy. To avoid scrutiny from the FTC and other regulators, sites and apps targeted at children should post clear and easy-to-find privacy disclosures, strive to minimize the amount of data collected from children, carefully evaluate the use of in-app advertising, and ensure they are COPPA-compliant when they do collect personal information from kids.