Jersey’s data watchdog was part of an international children’s privacy sweep which found that so-called age checks designed to keep children safe online are largely failing.
The Jersey Office of the Information Commissioner was one of 27 authorities worldwide to take part in a co-ordinated “sweep” of websites and apps used by children.
The exercise, led by the Global Privacy Enforcement Network, examined hundreds of platforms to assess how well they protect young users.
While the global effort identified some good practice, sweepers reported they were able to bypass age assurance measures in 72% of cases – 460 out of 641 platforms tested – most commonly where sites relied on simple self-declaration, such as entering a date of birth.
In practical terms, this means children can easily access services that may expose them to harmful content or risky data practices.
The report warns that additional safeguards – such as basic maths questions or prompts for parental consent – could often be sidestepped “by re-installing an app or clearing cookies”.
Sweepers said they would not feel comfortable with children using 41% of the services assessed due to a combination of harmful content and intrusive data practices.
For Jersey’s Information Commissioner, Paul Vane, the findings underline the importance of the island playing its part in global enforcement efforts.
“Championing and protecting children’s privacy sits at the very heart of the Jersey Data Protection Authority’s strategic priorities,” he said.
“Joining forces with international partners for this global privacy sweep reinforces our commitment to helping to foster a safer digital environment to protect children’s personal information by setting clear standards for organisations, promoting responsible design of digital services, and taking strong enforcement action where risks to children are identified.”
Mr Vane explained that the Jersey Office of the Information Commissioner’s strategic priorities for the coming years set “clear standards” for responsible use, development and deployment of AI-driven technologies.
The global sweep looked at 876 websites and apps popular with children, ranging from social media and gaming to education and entertainment platforms.
Although there have been improvements over the past decade – including a rise in the use of age assurance tools – the report suggests risks have also grown.
More platforms now require children to hand over personal information to unlock full features, while a growing number openly state they may share that data with third parties.
Other findings included:
- Nearly six-in-ten platforms required an email address to access full functionality
- Over 70% did not provide child-friendly explanations of privacy controls
- More than a third offered no easy way for users to delete their accounts
The report also highlights exposure to bullying, sexual content and self-harm material on a significant number of platforms, often combined with profiling tools that can amplify risks.
The sweep is not a formal investigation, but is designed to highlight emerging issues and guide future enforcement.
The full Global Privacy Enforcement Network’s Sweep Report can be found online.