On May 11, 2015, the French Data Protection Authority (“CNIL”) announced that it will participate, along with 28 other data protection authorities (“DPAs”) in the Global Privacy Enforcement Network (“GPEN”), in a joint online audit to assess whether websites directed toward children comply with global privacy laws.
The joint effort will run from May 11 to 15, and will target child-directed websites, such as gaming websites, social networking websites and educational websites. Specifically, the CNIL and the other DPAs will verify whether the targeted websites:
- Seek parents’ consent before allowing children to use the services offered or provide personal data;
- Raise public awareness regarding privacy;
- Provide a privacy notice tailored to younger audiences (g., clear language, animated images, etc.); and
- Facilitate the erasure of personal data provided by children.
As in prior years, the CNIL will use an analysis grid that is common to all DPAs participating in the joint audit to obtain (1) a global picture of the privacy practices of child-directed websites and (2) details about practices common to particular jurisdictions. The results of the joint audit will be made public in Fall 2015.
The CNIL stressed that it could conduct further inspections and launch sanctions proceedings if its initial findings reveal serious breaches of the French Data Protection Act. Other DPAs participating in the joint audit may take similar action.