From the 11th to the 15th of May this year, 26 privacy enforcement authorities from around the world, including the Irish Data Protection Commissioner, will take part in the third Global Privacy Enforcement Network (“Sweep”). The Global Privacy Enforcement Network was established to enhance co-operation between privacy enforcement authorities. This year's Sweep will focus on privacy issues around mobile apps and websites that target children.
During Sweep week participants, such as the Irish Data Protection Commissioner Helen Dixon, will select apps or websites that target or are popular with children. These website/apps will be assessed for:
- Protective measures put in place to limit the collection of personal information from children;
- Parental involvement;
- Ability to delete personal information;
- Whether privacy communications are appropriately tailored to the age group.
Concerns identified during the Sweep may result in follow-up contact with organisations and/or enforcement action. More generally, the Sweep's goals will be to raise awareness of privacy rights and responsibilities, to encourage compliance with privacy legislation and to identify concerns that may be addressed through education or enforcement.
Currently, the EU Directives on Data Protection and the Irish Data Protection Acts 1988 and 2003 do not include any specific guidance on children in relation to data protection. However, the proposed new EU Data Protection Regulation (the "Regulation") contains explicit recognition of the need to give special attention to the data protection rights of children. It currently proposes that the personal data of a child under 13 years cannot be processed without the consent of a parent or guardian. However the form and content of the Regulation is still to be agreed by European policymakers and it is unlikely that the new rules will come into effect before 2017.