French data protection authority highlights insufficient protection of children's privacy on the Internet

posted on 08 September, 2015   (public)

French data protection authority highlights insufficient protection of children's privacy on the Internet

In May 2015, 29 data protection authorities in the world (of which the French CNIL - Commission Nationale de l'Informatique et des Libertés), gathered in the Global Privacy Enforcement Network (GPEN - network of organizations operating within the OECD to protect privacy) and conducted a joint audit operation within 1494 sites and applications, called the Internet Sweep Day.

The objective was to check if the websites and applications visited by children and adolescents respected the rules protecting privacy. Conducted audits focused mainly on:

  • the type of data collected,
  • the level of information and its adaptation to the young public,
  • the presence of vigilance or control measures related to the young age of the audience.

On the occasion of this audit, the CNIL examined 54 websites visited by children and adolescents. These sites covered various fields related to young audiences interests: games, educational offers, social network, but also access to TV channels, web news or tutoring.

As a result of this audit, the following conclusions were reached by the CNIL:

  • the collection of personal data is made in a way which leaves rarely the possibility to delete an existing account: 87% of the sites examined by the CNIL (67% on average for its counterparts) collect personal data (IP address, identifier of the mobile terminal, location), deriving from the mandatory creation of a user account (name, email).
  • the particular lack of awareness among young people about the collection of their data.
  • a frequent redirecting to other sites, in particular to commercial ones.
  • the filing of cookies without information banner: all sites examined deposit cookies on the user's terminal upon his arrival on the home page without prior consent and most (63% of them) collect data without affixing the compulsory information banner.

In order to cope with this lack of protection of personal data on the Internet, the CNIL has published some practical tips for parents and managers of sites aimed for minors:

Source: CNIL website