For the 12-and-under online ‘Swifties’ that log-in to TaylorSwift.com, there’s plenty of opportunity to dish out their personal information, but no apparent recourse to “shake it off” and delete that data, according to a new report issued by the Privacy Commissioner of Canada.
Children can input their username, email, full name, a photo, date of birth, city, gender, and even occupation into the website. A barrier thrown up by requiring users to be 13 or over can be easily fooled by inputting a different year (tip: one before 2003). The site also redirects users to third-party sites that could collect all matter of personal details. While the site’s privacy policy invites users to delete personal information via the “My Account” area of the site, privacy sweepers couldn’t find that function.
Privacy assessment of Swift’s website is just one of 1,494 websites and mobile apps completed by the commissioner’s office alongside 28 privacy enforcement agencies around the world. It’s the third such Global Privacy Enforcement Network sweep organized and conducted May 11-15. The agencies recruited a team of privacy sweepers, including nine children, to assess the privacy practices found on sites that frequently entertain a child audience. If you’re a parent (or a minor), the results are worrisome.
Many websites “are failing to provide adequate protective controls to effectively limit the collection of personal information from children and are redirecting children to other sites with different privacy protection policies and sometimes questionable content,” states the privacy commissioner’s office in a press release.
The commissioner’s sweepers focused on 172 websites, many that are based in Canada. It found that almost two-thirds of those sites contained links redirecting children to other sites, often via an ad or call-to-action to take part in a contest. Also, 62 per cent of websites mentioned that they may disclose information to a third party.
While sweepers felt comfortable with children using 77 per cent of websites intended for children, things were different when it came to websites popular with children. Sweepers were comfortable with just 46 per cent of those sites or apps.
The commissioner has some best practices that Taylor Swift, and other sites that are often visited by children, may want to adopt:
- Don’t collect personal information from children. Offer protective controls like pre-set avatars and usernames. This avoids children inputting their real names or photos.
- Don’t offer a chat tool that allows children to type in whatever they want. Offer a system that allows selection of words and phrases from a pre-approved list.
- Include a parental dashboard to control privacy settings for children.
