Children face greater privacy risks today than a decade ago and tech companies are to blame
New data from 27 data protection authorities across five continents shows that children’s digital experiences have significantly deteriorated since 2015.
As part of the annual Global Privacy Enforcement Network (GPEN) sweep, 27 data protection authorities from five continents analysed nearly 900 websites and apps commonly used by children to explore the risks they face in the digital world. Their findings are unambiguous: children today face more pervasive privacy risks than they did in 2015.
Over the past decade, tech companies have systemically failed to design digital products and services with children in mind. Many have made children’s access to the digital products and services they rely on for their education, healthcare, and relationships conditional on surrendering to relentless data extraction. More and more websites and applications now require personal information simply to function and the age assurance measures introduced to demonstrate corporate responsibility are, in 72% of cases, easily bypassed.
Most damaging of all, the findings also suggest that tech companies exacerbate existing inequalities among children. Risky design practices are more commonly embedded in free services which are more likely to be used by children from lower-income and marginalised background.
This is not a new pattern. Last year’s GPEN sweep found that 99% of websites and apps use deceptive design to manipulate users for commercial gain and that these patterns are significantly more prevalent on websites and apps aimed at children.
Reacting to the findings, 5Rights Head of International Affairs, Marie-Ève Nadeau, said:
“It is deeply concerning to see children’s privacy continue to deteriorate when strong standards like the Age Appropriate Design Code and the IEEE 2089.1 on privacy-preserving age assurance have already shown what good looks like. The problem is that weak implementation and the absence of meaningful enforcement have allowed tech companies for evade accountability for too long. Regulators now have both the tools and the responsibility to act decisively. Without robust and swift enforcement, children will remain exposed to harmful content, predatory interactions and exploitative data practices.”
As we mark the fifth anniversary of UNCRC General comment No. 25, the global roadmap for realising children’s rights in the digital environment, regulators have both the tools and the obligation to act. 5Rights’ international best practices blueprint sets out a clear path forward to hold tech companies accountable to build a digital environment designed with children in mind.