The ICO will begin a review of websites and apps used by children today, as part of an international project to consider privacy concerns around the type of personal information services collect.
The ICO will look at 50 websites and apps, looking particularly at what information they collect from children, how that is explained, and what parental permission is sought. The websites and apps will include those specifically targeted at children, as well as those frequently used by children.
The same approach will be taken by 28 other privacy enforcement authorities from around the world, with a view to publishing a combined report in the autumn. The ICO will also consider action against any website or app that it finds to be breaking the Data Protection Act.
Steve Eckersley, ICO Head of Enforcement, said:
“Anyone with children knows how many websites and apps are now targeted at them, and how popular they are with children. That’s true from Canada to Columbia, and the same concerns exist around what information the companies behind these services are gathering.
“In the UK, we’re clear that apps and websites should not gather more personal data than they require, and operators should be upfront about how and why they collect information and how they use it. . These principles are true whatever the audience, but they are especially true where children are concerned. This research should give us a valuable insight into whether companies in the UK are operating compliantly, as well as how that fits with what is happening around the world.”
The work is coordinated by the Global Privacy Enforcement Network, and follows previous reports on website privacy policies, and how apps collect personal data. This year’s focus was chosen after privacy enforcement authorities identified a growing number of websites and mobile apps targeted at, or popular among, children.
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO is on Twitter, Facebook and LinkedIn. Read more in the ICO blog and e-newsletter.Our Press Office page provides more information for journalists.
- Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection