The study, titled Global Privacy Enforcement Network, was conducted in 21 countries. CBC News reports it examined 1,494 apps, websites and games covering services targeted specifically at children as well as those that are generally popular with younger audiences. The latter category includes music fan sites, zoos and museums.
The findings are worrying to privacy advocates. 67 per cent of the websites and apps surveyed collected information including names, email addresses and photos from children. Fifty-one percent reserved the right to give this information to third parties.
Sites belonging to popular musicians Taylor Swift and Justin Bieber were found to be particularly insensitive when collecting data from users including children. Social networking site Gurl.com, aimed at teenage girls, allows children to post large amounts of very personal information using public privacy settings.
Not every site was found to be exploiting its position. Harry Potter fan site pottermore.com was praised for protecting children by enforcing a policy of allocated usernames, preventing them from inadvertently revealing their real name online. Sites including Lego.com specifically rejected information regarding name, age and location. Unfortunately, the majority did not fare so favourably.
The data is probably being used to fuel online advertising and tracking so that ad providers can target their content to the audience. The morality of continuing this practice when the audience is young children is a major point of contention.
CBC News reports Privacy Commissioner Daniel Therrien, of the Office of the Privacy Commissioner Canada (OPC), said: “Too many developers are collecting particularly sensitive personal information such as photos, videos and the location of children, and often allowing it to be posted publicly, when there are clearly ways to avoid it.”
The OPC was responsible for analysing 172 of the 1,494 apps and websites surveyed. It singled out the Bracebridge amusement park in Ontario, address Santasvillage.ca, for engaging in particularly bad practice that prompted children to enter their full name and email address so they could “get on Santa’s nice list.” The theme park actually subscribed them to an email mailing list used for marketing news, contests and special offers.
Of even more concern to privacy advocates is that 58 percent of sites redirected children to external sources. These were sometimes wholly inappropriate for their age group with some services linking to dating services and alcohol promotions via contests and adverts. The privacy sweep found it especially alarming that some services tried to rid themselves of any legal responsibilities for their actions by implementing convoluted privacy policies stating they were not designed for use by minors.
Seventy-one percent of the 1,494 apps and websites analysed had no easy way to delete a user account and only 14 percent allowed a parent to adjust security and privacy controls on behalf of their child. The survey conductors said they would feel comfortable with their children using 77 percent of the specifically child-targeted apps and websites but only 46 percent of the larger-audience ones where children are mixed with adults.