March 25, 2026
The results of the latest Global Privacy Enforcement Network sweep highlight how child-friendly practices on websites and mobile applications can protect children’s privacy online.
The global sweep, which involved 27 data protection and privacy authorities from around the world, examined almost 900 websites and apps that are used by children. While some are designed for children’s use more specifically, others are used by the general population but are popular with children.
The sweep participants looked at these platforms’ mechanisms and practices relating to the collection of users’ personal information, as well as those relating to transparency, age-assurance, and to limiting data collection. By replicating a children’s privacy sweep that was conducted by this network in 2015, participating authorities were able to compare how online services protected children then and now.
Overall, sweep participants observed good practices to protect children and their personal information, such as notifications advising children not to use their real names or upload images, as well as having location sharing disabled by default.
That said, participants also noted practices that raised concerns about children’s privacy, and that some risks may have increased over the last 10 years. For example, compared to 2015, more of the online services used by children now require users to provide their personal information to access the full functionality of the platform. In addition, more platforms indicated in their privacy policies that they may share personal information with third parties.
As relates to the use of age assurance mechanisms to restrict children’s access or interaction with online services, participants noted that these had increased, but that such measures could be easily circumvented – a particular concern in instances where websites and apps had inappropriate content or high-risk data processing and design features for children.
The privacy sweep is not an investigation, nor is it intended to conclusively identify compliance issues or legal contraventions. Concerns identified during the sweep could support targeted advice and engagement with organizations or enforcement actions in the future.
This year’s sweep was coordinated by the Office of the Privacy Commissioner of Canada, the United Kingdom Information Commissioner’s Office, and the Office of the Data Protection Authority of the Bailiwick of Guernsey.
Quick facts
Sweep participants evaluated the websites and mobile applications based on five indicators, which largely mirrored those from the 2015 sweep.
For each indicator, the sweep found:
- Age assurance: For 72% of websites and mobile applications reviewed, participants were able to circumvent age assurance measures, most often where self-declaration was used.
- Collection of children’s data: More than half (59%) of the websites and mobile applications required the collection of an email address to access the full functionality of the platforms, followed by 50% requiring usernames, and 46% requiring geolocation. Overall, participants noted an increase in the collection of certain types of information compared to 2015.
- Protective controls: 71% of the websites and mobile applications did not have information about protective controls and privacy practices that were tailored to children.
- Account deletion: More than one third (36%) of the websites and mobile applications did not provide an accessible way to delete accounts.
- Inappropriate content and high-risk design features: Only 35% of the websites and mobile applications identified as having high-risk data processing and design features for children had privacy information, such as a pop-up, directing a young person to seek permission from their parents to continue using the website or app.
About the Global Privacy Enforcement Network
The Global Privacy Enforcement Network was established in 2010 upon recommendation by the Organisation for Economic Co-operation and Development (OECD). The network’s aim is to foster cross-border cooperation among privacy regulators in an increasingly global market in which commerce and consumer activity relies on the seamless flow of personal information across borders. Its members work together to strengthen personal privacy protections in this global context. The informal network is comprised of more than 80 data protection and privacy authorities from around the world.
The privacy sweep is an annual initiative aimed at increasing awareness of privacy rights and responsibilities, encouraging compliance with privacy legislation, and enhancing cooperation between international data protection and privacy authorities.
Related links