- within Strategy and Compliance topic(s)
- with Senior Company Executives, HR and Inhouse Counsel
- with readers working within the Accounting & Consultancy and Law Firm industries
On March 25, 2026, the Office of the Privacy Commissioner of Canada (OPC), together with 26 privacy regulators who are part of the Global Privacy Enforcement Network (GPEN), conducted a sweep examining nearly 900 websites and apps used by children.
The sweep is an annual initiative aimed at increasing awareness of privacy rights and responsibilities. A decade after GPEN's first children's privacy sweep, this year's initiative focused on issues such as transparency, age-assurance mechanisms, and privacy-protective controls, offering insight into the evolution of children’s privacy.
Key findings:
- Age assurance: 45% of websites and apps now use age assurance, a significant increase from only 15% in 2015.
However, participants were often able to circumvent age-assurance measures, especially where self-declaration was used. This is particularly concerning where websites and apps had inappropriate content or high-risk data processing features for children.
- Collection of personal information: 59% of websites and apps required the collection of an email address to access full platform functionality, 50% required usernames and 46% required geolocation.
Compared to 2015, more online services now require users to provide personal information to access full functionality, and 85% of privacy policies indicated that personal information may be shared with third parties, up from 51% in 2015.
- Protective controls: For websites and apps with high-risk data processing and design features for children, only 25% had parental dashboards and 35% had communications prompting parental involvement.
Similar results were found for platforms with inappropriate content for children. However, positive practices were observed, such as warnings advising children not to use real names or upload images, location sharing disabled by default, and filtered chats for younger users.
- Account Deletion. 64% of websites and apps provided an accessible way to delete accounts, a significant improvement from only 29% in 2015.
Over one third still do not offer accessible deletion, with participants describing some processes as "laborious" and "practically impossible for children."
- Inappropriate content and high-risk features: 35% of websites and apps had inappropriate content for children, while 38% had high-risk data processing and design features.
Risky features, such as behavioural profiling, was found in combination with inappropriate content such as self-harm and eating disorder content. Overall, participants are uncomfortable with children using the websites and apps reviewed in 41% of cases compared to 30% in 2015.
Strategic context
This initiative is a direct expression of the third strategic priority in the OPC's 2024–2027 Strategic Plan, which aims to "[e]nsur[e] that children’s privacy is protected and that young people are able to exercise their privacy rights."1
The plan emphasizes enhancing knowledge and expertise, engaging youth through informed education and outreach, applying a children's privacy lens to compliance work, and cultivating networks and partnerships for broader impact. The sweep directly advances those objectives by identifying areas where organizations must improve their practices and where enforcement action may be warranted.
Footnote
1. Office of the Privacy Commissioner of Canada, Strategic Plan 2024-2027: A roadmap for trust, innovation and protecting the fundamental right to privacy in the digital age, p. 12.
Read the original article on GowlingWLG.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]
