DPC Announces Joint Review Of Apps And Websites Targeting Children

Author:Mr Philip Nolan and Oisin Tobin
Profession:Mason Hayes & Curran

In recent weeks, the Office of the Irish Data Protection Commissioner (DPC) announced its participation in the Global Privacy Enforcement Network's (GPEN) annual privacy 'sweep'. The focus of the 2015 sweep is the data privacy practices of websites and apps aimed at or popular among children. This announcement follows last year's sweep which focused on app privacy compliance and discovered that a significant majority of apps did not provide enough information about how consumers' data would be used.

This year's theme was chosen as many DPAs had identified children as a key area of focus, given the spread of websites and mobile apps targeted at or popular among this demographic. The study involves a co-ordinated effort by 26 data protection authorities (DPAs) from around the world, with the initial investigation having been conducted between 11 May and 15 May 2015. Any issues identified during the sweep will result in follow-up work such as outreach to organisations, deeper analysis of app privacy provisions and possible enforcement action.

Background to GPEN

GPEN was established in 2008, following a recommendation by the OECD. Its goal is to foster cross-border cooperation among DPAs. This establishment of GPEN is motivated by the fact that commerce and consumer activity increasingly relies on the seamless flow of personal information across borders. The members of GPEN seek to work together to strengthen personal privacy protections in this global context. The informal network is comprised of approximately 50 DPAs across some 39 jurisdictions.

What will the 2015 sweep target?

This year's sweep will target websites and apps aimed at children, such as gaming websites, social networks and educational websites. Participating DPAs may choose to focus on either locally-developed apps and websites or those of multinational application.

As part of the initiative, participating DPAs will assess whether:

the apps and websites examined collect personal information from children and, if so, whether protective controls exist to limit such collection; the apps and websites reviewed seek parental involvement and whether they allow users to be redirected off the site to third party sites;  the ease with which one can request the deletion of personal information submitted by children; and privacy communications are tailored to the appropriate age group through methods such as simple language, large print, audio and animation. In addition to the...

To continue reading