Skip to content

Media Statements

Media Statements

Date: 11 May 2015

PCPD Examines Online Data Collection Practices Targeting Youngsters

(11 May 2015) The Office of the Privacy Commissioner for Personal Data ("PCPD") joined the Global Privacy Enforcement Network ("GPEN") to conduct a "Privacy Sweep" ("Sweep") from 11 to 15 May 2015, examining websites and mobile applications ("apps") for issues related to youth privacy. The theme was chosen as many privacy enforcement authorities have identified youngsters as a key area of focus, given the proliferation of websites and mobile apps targeted this vulnerable group.

The GPEN1 was established to foster cross-border cooperation among privacy enforcement authorities. This year, 28 privacy enforcement authorities from around the world (full list at Appendix), including the PCPD, participated in the Sweep to broaden public and business awareness of privacy rights and responsibilities; identify privacy concerns which need to be addressed; and encourage compliance with privacy legislation. Online privacy issues have been the PCPD's major focus in recent years. Similar exercises were conducted in 2013 and 20142 that looked at privacy issues associated with the use of local mobile apps.

The PCPD recognises that youngsters are the most active users of computers, smartphones and social networks. Acting Privacy Commissioner for Personal Data, Ms Fanny Wong, said, "The topic of youth privacy is of great importance to privacy enforcement authorities. Youngsters are frequently identified as one of the most vulnerable groups. Many parents worry about their children's online privacy, and are concerned that youngsters put themselves at risk of harassment and solicitation by revealing personal data, usually to marketers or to strangers on social networking sites. Whether youngsters are provided with an appropriate level of protection online remains an ongoing issue for privacy enforcement authorities."

In view of the widespread use of websites and mobile apps in Hong Kong, the PCPD will select those that primarily target youngsters to better understand the type of personal data being collected through these platforms.

"This Sweep exercise is significant, because it will not only reveal how websites and mobile apps that target youngsters collect their personal data, but also assesses whether: these platforms seek parental involvement, they allow users to be redirected to another site, they make it easy to delete personal data, and privacy communications are tailored to the appropriate age group through approaches such as simple language, large print, audio or animation," said Ms Wong. "We hope the privacy of youngsters can be further safeguarded after conducting this examination."

The results of this year's Sweep will be compiled and made public in autumn this year. Concerns identified during the Sweep may result in follow-up work, such as education and promotion, outreach to organisations and/or enforcement action.

- End -


2 Media statements about the Sweep results in 2013 and 2014:



Appendix – List of Participants in the 2015 Sweep


Name of the Privacy Enforcement Authority

Argentina National Directorate for Personal Data Protection of Argentina
Australia            Office of the Australian Information Commissioner
Victoria, Australia Office of the Commissioner for Privacy and Data Protection, Victoria, Australia
Belgium Privacy Commission of Belgium
Canada            Office of the Privacy Commissioner of Canada
Alberta, Canada Office of the Information and Privacy Commissioner of Alberta
British Columbia, Canada Office of the Information and Privacy Commissioner for British Columbia
Quebec, Canada Commission d'accès à l'information
Colombia Superintendence of Industry and Commerce of Colombia
Estonia Estonian Data Protection Inspectorate
France  Commission Nationale de l'Informatique et des Libertés
Germany Federal Commissioner for Data Protection and Freedom of Information
Bavaria, Germany Data Protection Supervisory Authority of Bavaria
Berlin, Germany Berlin Data Protection Commissioner
Hessen, Germany Data Protection Commissioner of Hessen
Gibraltar Gibraltar Regulatory Authority
Ireland  Office of the Data Protection Commissioner
Israel Israeli Law, Information and Technology Authority
Italy Garante per la protezione dei dati personali (Italian Data Protection Authority)
Mexico Federal Institute for Access to Information and Data Protection
Norway Norwegian Data Protection Authority
New Zealand   Office of the Privacy Commissioner
Republic of Macedonia Directorate for Personal Data Protection
United Kingdom United Kingdom Information Commissioner's Office
United States Federal Communications Commission
United States Federal Trade Commission
Macao SAR Office for Personal Data Protection
Hong Kong SAR Office of the Privacy Commissioner for Personal Data, Hong Kong