OPC Privacy Sweep: 876 Apps Examined for Children's Privacy

News release

OPC examines websites and apps used by children as part of global privacy sweep

March 25, 2026 – Gatineau, Quebec

The Privacy Commissioner of Canada, along with 26 data protection and privacy authorities from across Canada and around the world, has concluded a global privacy sweep that highlights how child-friendly practices on websites and mobile applications can protect children’s privacy online.

The sweep was coordinated by the Office of the Privacy Commissioner of Canada (OPC), the United Kingdom Information Commissioner’s Office, and the Office of the Data Protection Authority of the Bailiwick of Guernsey.

Participants in the Global Privacy Enforcement Network sweep examined how nearly 900 websites and apps collect children’s personal information and looked at issues such as transparency about privacy practices, use of age-assurance mechanisms, and the application of privacy protective controls to limit data collection.

The sweep was similar to one conducted in 2015, allowing participating authorities to compare how online services have protected children and used their data over time.

Overall, sweep participants observed good practices to protect children and their personal information, such as notifications advising children not to use their real names or upload images, as well as having location sharing disabled by default.

Sweep participants also noted practices that raised concerns about children’s privacy, and that suggest that some risks may have increased over the last 10 years. For example, compared to 2015, more online services used by children now require users to provide their personal information to access the full functionality of the platform. In addition, more platforms indicated in their privacy policies that they may share personal information with third parties.

The sweep also found that the use of age-assurance mechanisms to restrict children’s access or interaction with online services had increased. However, participants found that such measures were often easily circumvented – a particular concern in instances where websites and apps had inappropriate content or high-risk data processing and design features for children.

The sweep supports Privacy Commissioner of Canada Philippe Dufresne’s strategic priority of championing children’s privacy.

Quote

“To become active and responsible digital citizens, children and youth need to be able to explore and experiment online with confidence and autonomy, knowing that it is a safe space for them. This is why it is so important that organizations respect children’s fundamental right to privacy by building strong privacy and data protections directly into products and services that are used by children.”

Philippe Dufresne
Privacy Commissioner of Canada

Quick facts: A then and now look at sweep data

Sweep participants from around the world assessed 876 websites and apps based on five indicators, which largely mirrored those from the 2015 sweep. The following is an overview of the results:

| Indicator | Global results | |
| | Today | 2015 |
| Age assurance | 45% of websites and apps use a form of age assurance

For 72% of these websites and apps, participants were able to circumvent age-assurance measures, most often where self-declaration was used | 15% of websites and apps used a form of age assurance |
| Collection of children’s data | 59% of websites and apps required the collection of an email address to access the full functionality of the platforms followed by 50% that required usernames, and 46% that required geolocation | Overall, websites and apps were less likely to require the collection of certain types of personal information, including name, phone number and address |
| Protective controls | Among websites and apps for which sweep participants identified high-risk data processing and design features for children, only 35% had privacy communications prompting parental involvement and 25% had parental dashboards

Within the websites and apps that featured content that could be deemed inappropriate for children, only 35% had privacy communications prompting parental involvement and 27% had parental dashboards | Only 24% requested parental involvement, while 14% offered a parental dashboard |
| Account deletion | 64% of websites and apps provided an accessible way to delete accounts | 29% of websites and apps provided an accessible way to delete accounts |
| Inappropriate content (i.e. content related to sex, self-harm, bullying, abuse, hate, etc.) and high-risk data processing and design features (i.e. complex language, geolocation and public by default settings, behavioural profiling, etc.) | 35% of websites and apps had inappropriate content for children, while 38% had high risk data processing and design features | No data available |
| Overall comfort level of sweep participants | Sweep participants were not comfortable with children using 41% of the websites and apps reviewed | Sweep participants were not comfortable with children using 30% of the websites and apps reviewed |

About the Global Privacy Enforcement Network

The Global Privacy Enforcement Network was established in 2010 upon recommendation by the Organisation for Economic Co-operation and Development (OECD). The network’s aim is to foster cross-border cooperation among privacy regulators in an increasingly global market in which commerce and consumer activity relies on the seamless flow of personal information across borders. Its members work together to strengthen personal privacy protections in this global context. The informal network is comprised of more than 80 data protection and privacy authorities from around the world.

The privacy sweep is an annual initiative aimed at increasing awareness of privacy rights and responsibilities, encouraging compliance with privacy legislation, and enhancing cooperation between international privacy enforcement authorities.

Related link

• GPEN Sweep Report: Children’s Privacy

Media contact

Office of the Privacy Commissioner of Canada
communications@priv.gc.ca

Date modified:

2026-03-25