Privacy and data protection is often a challenge for young, quickly growing organisations operating across multiple jurisdictions. The technology industry usually fits into all of these categories and needs to take particular care that it operates within the law when processing personal and sensitive data.
Last week, the information commissioner (ICO) announced that it is reviewing apps and websites marketed to or frequently used by children. This investigation is part of an international project to consider privacy concerns around the type of personal information services collect.
The ICO will look at 50 websites and apps, looking particularly at what information they collect from children, how that is explained, and what parental permission is sought. Interestingly, the websites and apps included in the review will not only include those specifically targeted at children but also those frequently used by children. And this is not just a UK issue. The same approach will be taken by 28 other privacy enforcement authorities from around the world, with a view to publishing a combined report in the autumn.
The ICO was also clear that they’d consider action against any website or app that it finds to be breaking the Data Protection Act. I’m sure many of the 28 other authorities will do the same.
We have found that a lot of the challenges in respect of privacy and data protection revolve around operational issues such as training and awareness, administration of data and the security of information being held. There is massive change underway in the regulation of privacy and data protection, particularly if you are working across multiple jurisdictions. If you would like an independent view on how you’re addressing these challenges, or just to talk through the implications of the impending changes, please get in touch.