This content was last updated about 5 years ago.
Some items may be out of date!
GATINEAU, QC, Oct. 24, 2017 / CNW / - The search of some frequently used online applications in Canadian classrooms has shown that many service providers are considering the privacy needs of young users. private life; however, others have certain shortcomings.
"We are pleased to note that many of the application developers we studied take the necessary steps to protect the privacy of children and young people, for example by offering child-friendly explanations so that they understand why personal information is collected, ”says Daniel Therrien, Privacy Commissioner of Canada.
“Unfortunately, we have seen cases of educational applications that need to do better. We are concerned that there are websites that encourage students to provide more personal information than necessary. "
The Office of the Privacy Commissioner of Canada (OPC) participated in the fifth annual Global Privacy Enforcement Network (GPEN) privacy sweep, which also included 24 data protection regulators from all over the world.
This year, the OPC worked with the Office of the Information and Privacy Commissioner of Ontario (IPC) to examine certain privacy issues related to applications. educational programs aimed at children and youth in Kindergarten to Grade 12. Together, the two organizations examined more than twenty applications and platforms.
The "scavengers" examined the privacy policies of the applications as well as the personal information collected and the measures put in place to protect personal information.
In response to the sweep, the OPC produced a report detailing the main points to remember for providers of online educational services and tools as well as for users.
Here are the main findings of the sweep:
- Most departments posted information on how they handle personal information, but the quality of this information was variable and sometimes difficult to find.
- Concerns were raised about how some services obtained consent for the collection and use of personal information. For example, more than a third did not seek consent from students or their parents, or provide teachers with the necessary resources to obtain it.
- Only a handful of services had different consent mechanisms in place for students based on age, which was surprising considering the differences in the ability of children of different ages to understand what is safe and healthy practices. appropriate protection of privacy.
- Some departments employed practices aimed at minimizing the collection and disclosure of student personal information and had controls in place that allow teachers and parents to supervise or set appropriate limits for students' age on the subject. collection and disclosure of their personal information. However, in some cases too much personal information was collected. For example, a blogging platform designed for use in schools used fields to collect instant messaging nicknames, photos, and student biographies.
- For many services, it was difficult, if not impossible, to delete personal information that was no longer useful.
The OPC sweep did not constitute an investigation. Nor was it intended to conclusively identify compliance issues or possible breaches of laws that protect privacy. Rather, the "scavengers" sought to live the user experience by spending a few moments on websites and applications to record certain privacy practices relative to a common set of metrics.
The initiative aims to encourage organizations to comply with privacy laws and improve cooperation between agencies responsible for enforcing privacy laws. Concerns raised during the sweep will give rise to follow-up work such as a targeted information campaign, sensitization of organizations or the implementation of law enforcement measures.
The main theme selected for the 2017 GPEN sweep was “user control over their personal information”. Participating regulators have taken different approaches to this initiative. Overall, the sweep demonstrated that website privacy statements are often too vague and generally inadequate.
About the Privacy Commissioner of Canada
Parliament has given the Privacy Commissioner of Canada the mandate to act as the ombudsman and guardian of privacy rights in Canada. The Commissioner is responsible for the application of two federal laws relating to the protection of personal information: the Privacy Act, which applies to the federal public sector, and the Personal Information Protection and Electronic Documents Act, which applies to private sector organizations in Canada.
GPEN privacy sweep 2017 - Key takeaways from online educational tools and services
News release from the Office of the Information and Privacy Commissioner of Ontario entitled "New IPC report on online teaching tools & best practices for protecting student privacy" (available in English only)
Statement from the UK Information Commissioner entitled "International enforcement operation finds website privacy notices are too vague and generally inadequate" (available in English only)
SOURCE Office of the Privacy Commissioner of Canada