Official Blog of the Office of the Privacy Commissioner of Canada

2 Sep 2015

Who did it better? A look at children’s apps/websites and the privacy protective controls on offer

Children are more connected than ever and often miles ahead of their parents when it comes to navigating the Internet and mobile applications (apps).

They’re also among our most vulnerable demographic groups and, in their quest to access their favourite game or social network, they may be apt to give out personal information without any thought to the potential privacy ramifications.

For this reason, the Global Privacy Enforcement Network made Children’s Privacy the theme of its 3rd annual Privacy Sweep.

The Office of the Privacy Commissioner of Canada, along with 28 other privacy enforcement authorities across the country and around the globe, assessed the privacy communications and practices of some 1,494 websites and mobile apps.

The goal: to find out which of them collect personal information, what type of personal information they collect, whether protective controls exist to limit the collection and whether a simple means to delete account information exists.

By briefly interacting with the websites and apps, the exercise was meant to recreate the consumer experience – in this case, the experience of children under the age of 12. Our sweepers, which included a number of adult volunteers as well as nine children, ultimately sought to assess privacy controls based on four key indicators:

  1. Collection of children’s data: Does the app/website collect children’s personal information and if so, what information is collected? (Ex. Name, email, date of birth, address, phone number, photo/video/audio.) Does a privacy policy or other privacy communications exist and if so, does it clearly explain the app/website’s personal information handling practices?
  2. Protective controls: Do protective controls exist and do they effectively limit the collection of personal data? (Ex. Prompts for parental involvement, warnings when leaving the site, pre-made avatars/usernames, moderated chats/message boards to prevent inadvertent sharing of personal information.) Are privacy communications tailored to children? (Ex. Simple language, large print, audio, animation.)
  3. Means to delete account information: Is there a simple means for deleting account information?
  4. Overall concerns about a child using the app/website: Overall, would I be comfortable with a child using this app/website?

In total, our Office examined 172 websites and mobile apps for both Android and iOS platforms. We focused on websites and apps that are targeted at or popular among children 12 and under.

Some 118 websites and apps appeared to be targeted directly at children, while 54 were considered popular among them. In other words, while designed for older audiences or audiences of all ages, children are said to be frequent users of these apps and websites.

The bulk of websites and apps swept were based in Canada and the United States. Our Sweep included a significant number of games and educational websites and apps, as well as leisure websites and apps hosted, for example, by museums or zoos. Traditional and social media apps and websites rounded out the list.

Before delving in, let’s be clear on a few points: Since apps and websites are constantly evolving, it’s best to think about our results as a snapshot in time. Also note that the Sweep was not a formal investigation. We did not seek to conclusively identify compliance issues or possible violations of privacy legislation. This was not an assessment of an app or website’s overall privacy practices, nor was it meant to provide an in-depth analysis of the design and development of the apps or websites examined.

Instead, we have compared and contrasted some of the web/app features and privacy practices that we found to be particularly kid-friendly, with those we felt could benefit from some “child-proofing.” We learned a lot and hope these concrete examples will help Canadians, as well as website and app developers, better understand our conclusions.

The moderated message/chat function:

Moderated message/chat functions ensure contributions are vetted before they are posted publicly. Items may be vetted for content but also for personal information as free-text portals can open the door to the inadvertent sharing of potentially sensitive details., a site clearly targeted at children, indicated its message board feature was moderated. Our Sweepers put that claim to the test by attempting to post a message that included a full name, age and hometown. A day later, here’s the modified message that went public: image. Moderated message/chat function works effectively. Message was changed to exclude personal information.

As you can see, the site even cropped the username to “victorg.” Nice catch

We attempted the same experiment with As you can see, the moderator informed us that it had rejected our post for privacy reasons. Awesome moderating decision master-builder Emmet! image.

Kudos to and which have shown how a little moderation can go a long way!

By contrast, Moviestar Planet is an example of a social networking app targeted specifically at kids that displays little self-control. While the app said it is moderated for content, children were free to post selfies with titles asking, for example, others to rate them “hot or not.” Not the sort of thing you might necessarily want out there on the Internet when you grow up. We won’t display those images to protect the privacy of the children, but you can also see how our sweeper was able to include a whole lot of personal information in the free-text chat function. Big no no! What’s stopping kids from entering their address, school or where they plan to be that afternoon?

Moviestar Planet image.

Meanwhile, sweepers noticed that websites/apps that are popular among children may moderate for certain content but not to ensure that children aren’t sharing personal details about themselves online. The website for FIFA, soccer’s governing body and a site popular with soccer fans of all ages, for instance, moderates its site to ensure that there are no violations of the Terms of Service. But as you can see below, our sweeper was able to state his age and location. Therefore this reference to moderation has more to do with the appropriateness of the content . . . You know how partisan soccer fans can get!

FIFA image.

The website’s Terms of Service also states that it is the responsibility of parents to supervise their children’s activities on the site and that appears to be as far as FIFA’s obligation goes towards moderating the content that children may be sharing. Certainly parents have a role to play in protecting children’s privacy while online, but seriously FIFA, you are not absolved from getting in the game. If you’re already moderating for content, why not make sure kids aren’t oversharing too? This serious foul deserves a red card.

Less is more:

Leave a little mystery! Profile displays do not have to give everything away. is an example of a targeted website that allows users to display a significant amount of personal information on their user profile including name, grade, gender, age and city. While the website said it does not collect from children under 13, it had no problem posting our 10-year-old’s information. Fortunately, there was no option to load a photo! image.

A similar interface on, however, had limited options for sharing personal information. The photo was a preset graphic and messages were fixed text. In other words, kids could choose what to say from a list of phrases. (Less is More) image.

Things can get a little trickier with popular apps and websites. Even though many children use these sites, they are often not designed with the under 12 crowd in mind. is one such example. As you can see, the social platform geared at teen girls collected and posted our 10-year-old sweeper’s full name, date of birth, occupation and location.

There were also no warnings or mechanisms to prevent users from uploading photos or posting personal information on message boards, some of which broach some pretty sensitive topics such as depression, suicide and self-mutilation. Given the lack of protective controls, there’s no telling what children could post and who might see it, raising all sorts of questions about the potential for harm to one’s reputation and well-being. image.

For an otherwise pretty kid-friendly website, we found this next example worth mentioning. offered kids an easy way to “get on Santa’s nice list” – by coughing up their full name and email address. In exchange, it promised to bombard subscribers with marketing materials. Not cool Santa, we’ll take the coal. image.


Selecting an image that will serve as your online identity doesn’t have to be personal. is an example of a targeted website that asked our sweeper to choose from a pre-set list of icons. image.

Other websites/apps asked sweepers to load their own avatar which opens the door to using personal photographs. For example, the Cookie Monster Challenge app prompted us to take a selfie for our profiles. The app’s generic privacy policy also suggested personal information may be shared with third parties.

As the Cookie Monster himself might say: Parents not like when Cookie gobble up sensitive personal information like photograph and share with udder monsters.

Cookie Monster Challenge image 1.  Cookie Monster Challenge image 2.

All in a name:

Just as children should be discouraged from using a personal photo online, so too should they be discouraged from using their real name.

Websites such as Harry Potter fan site,, don’t give kids the option. Instead, our sweepers were encouraged to select a username from a pre-set list. Thanks for thinking about the privacy of your younger Hogwarts classmates, Harry! (All in a name) image.

Meanwhile,, a classroom management site that connects teachers, students and their parents, got a gold star for advising sweepers in simple, child-friendly language not to use their real name. But unfortunately that gold star got yanked as there was no actual mechanism to prevent us from using it. image.

Parental control:

On the subject of parental control, there are some effective ways to limit the functionality of a website or app to protect privacy. A great way to do that is with a parental dashboard and here are a few examples that put parents in the privacy driver’s seat.

The first was Grimm’s Red Riding Hood, an app targeted at children that allowed parents to turn certain settings on and off, such as in app purchases and access to the store.

Grimm's Red Riding Hood image.

Another example is, a popular game website designed for children over the age of 13, even though younger children are known to frequent it. As long as young users have provided a valid parental email address, parents can control settings through a fairly comprehensive dashboard. image shows parental dashboard to control privacy settings and voice chat.

On social networking site, parents of young children must register an account, to which they can add a child. image shows request message sent to parents when child asks to open an account.

Parents could also monitor their child’s activities, including media uploads and connections with other users, however, the website collected a fair bit of personal information in the process. image shows parental dashboard to set permissions to upload media and contact other users. Also asks for child`s full name,  sex and date of birth.

Now just as the First Year kids at Hogwarts require parental permission for weekend trips to Hogsmeade, young users need parental permission to activate their account. Of course that means deploying a summoning charm: Accio parental email address. Good job on involving mum and dad!

But this website didn’t just seek mum or dad’s email address, it also asked for the child’s first name, country, date of birth and which Harry Potter books and movies you’ve read or watched before sending the parental consent link via email. Is all that information really necessary, Harry? (Parental Control) image.

The American Girl doll website had options to collect personal information through quizzes and sweepstakes, but to post a photo of your child with their favourite doll, parents had to provide a signed waiver.

American Girl image 1.

American Girl image 2.

These other apps clearly targeted directly at children have found some creative ways to keep wee ones out of adult sections of the site, though they do so assuming young users can’t read or follow very basic instructions! Consider making it a little tougher. Don’t forget, some wee ones are learning how to swipe a tablet screen before they can walk!

Parental control says area is for grown-ups only and asks user to enter three numbers.

Parental control says area is for grownups and asks user to swipe left with two fingers anywhere on the screen.


What seems so simple is often anything but. To put it mildly, not all delete functions are equal. From “no brainer” to “not an option,” here’s a look at our sliding scale when it comes to ease of deleting.

For some apps/websites, it was as easy as the click of a button. Take for example. This educational website allows users to sign up and join study groups on a variety of topics. But when you’re done, you simply had to click the settings button in the top right corner, scroll down and hit delete. image.

Others required a multistep process that could involve emails and/or phone calls to the company. Buried in the middle of its privacy policy is the delete option for targeted game app Despicable Me: Minion Rush.

Despicable Me: Minion Rush image 1., a website targeted at children that allows them to create dolls and interact with other users, requires parents/guardians to fill out a form. As you might be wondering from reading this excerpt from its privacy policy, it’s not clear whether the company actually destroys the personal information it has collected or whether it simply stops collecting, using and disclosing it to third parties. Given the amount of information this site collects and displays – country, gender, date of birth and anything through its free-text function – this raised some serious concerns for sweepers. image.

Unfortunately many popular websites and apps that collect personal information had no apparent means for deleting account data, leading our sweepers to believe that their information would be out there in the ether in perpetuity.

Off course:

It’s no surprise that kids like to click on shiny colourful things which many apps and websites have in spades. What’s not cool is when those shiny colourful things lead kids to places with different personal information collection practices or questionable content.

Redirection off-site often occurs through an ad or contest icon that sometimes appears to be part of the original site.

About a third of apps did not redirect users. Bravo! Meanwhile, 14 percent of them, including, at least provided a pop-up warning. image.

Others had more questionable redirection practices. For instance some websites/apps, including ones targeted directly at children, had ads for alcohol or dating websites that could lead users astray if clicked on. Some even had non-descript icons that, if clicked on, led sweepers to other sites that contained graphic and violent videos. Scary!

BONUS: Battle of the bands

Pop idols Justin Bieber, Taylor Swift and One Direction are all hugely popular among the under 12 crowd. But which fan site best bears that in mind when it comes to protecting the privacy of their youngest Beliebers, Swifties and Directioners?

Based on our indicators, here’s how these musical magnates stacked up. collected username, email, full name, photo, date of birth, city, gender and occupation. There was also an unmoderated free-text function in which users could type in whatever they like. The site could display your username, photo and city. While the site attempted to block users under the age of 13, the measure could be easily circumvented by keying in a different date of birth. It also redirected visitors to a half dozen social media sites, the Google Play Store and another Taylor Swift shop that separately collects a whole host of personal information. Finally, according to the website’s privacy policy, users could “access, update or delete” personal information via email. It also noted this could be done via the “my account” area of the website. That would be great. Too bad we couldn’t actually find a delete button. could collect a fan’s first name, email, date of birth, postal code and country. It too barred users under 13 but that measure could be similarly circumvented. The site also had links redirecting users to a variety of music and social media sites, including the pop star’s Facebook fan page. To “correct, update, amend, delete/remove” personal information, users are asked to send a letter via snail mail to an address in California, or to fill out an online form. It said users could also do it through the member information page, but no such page could be found., meanwhile, did not collect any personal information directly on site, though users could be redirected to a number of social media and music sites. The One Direction store, however, did collect a variety of personal information.

We are certainly not trying to create any “Bad Blood,” despite Taylor Swift’s lyrics, but it seems as though all three sites could use some helicopter parenting! That said, according to our final indicator, OPC sweepers said they were most comfortable with the One Direction site which seemed to hit the higher privacy notes of the three. Too bad the band has broken up:( Or so we think!

While we recognize that age verification can be tough as crafty kids have found clever ways around such mechanisms, we commend One Direction for simply limiting collection. Remember, don’t collect if you don’t have to. We also observed other sites that recognized a user’s URL and barred them from going back to the site and simply entering a different age for a period of time in order to gain access to the site. Others automatically redirected young users to a children’s version of the site. While many protective controls are seldom fool proof, we encourage developers to be creative and to find new ways of using technology to protect our most vulnerable.

Final thoughts . . .

As you can see, sweepers here at the Office of the Privacy Commissioner of Canada found many great examples of websites and mobiles apps that do not collect personal information whatsoever. We believe there are many effective ways to at least limit collection.

When it comes to protecting the privacy of children online, everybody has a role to play. Children themselves need to be educated about digital privacy issues and the perils of sharing personal information online. Teachers and parents can help instill this knowledge and should themselves be aware of what sites and apps their kids are using and what types of information they are being asked to hand over. Finally, developers should be mindful of who their users are and limit, if not eliminate, the collection of personal information from children through the use of innovative privacy protective controls.

Once we’ve finished sorting through our results, in conjunction with our provincial and international partners who are doing the same, we will determine any appropriate follow-up action.

As with last year’s Sweep, our follow-up activities could include reaching out to organizations to inform them of our findings and making suggestions for improvements. We also have the option to pursue enforcement action.

By the way, we wrote to the companies mentioned in the blog before posting this to share our concerns. Past experience has shown that education and outreach alone can often go a long way towards effecting positive change for privacy.


2 Sep 2015

Child sweepers share observations on web/mobile app privacy

Commissioner Daniel Therrien visits with children during Kids Privacy Sweep.

Privacy Commissioner of Canada Daniel Therrien pops in on Global Privacy Enforcement Network Children’s Privacy Sweep where a few kids are on hand to help.

A children’s privacy sweep with no children? In the words of cartoon curmudgeon Charlie Brown, “good grief!”

. . . and that was roughly genesis of the Office of the Privacy Commissioner of Canada’s (OPC) first ever Kid’s Sweep.

Nine youngsters, the offspring of OPC employees who also participated in the Sweep, descended on 30 rue Victoria one early May morning during International Sweep Week.

Fuelled on promises of pizza and cookies, the seven to 13-year-old boys and girls parked themselves in front of the laptop or tablet of their choice. Their job? To interact with their favorite apps and websites, thus recreating the user experience under the watchful gaze of their parents who took notes on how they navigated the privacy settings, or lack thereof, as the case happened to be for some sites.

The following is an edited transcript of what the kids, and their parents, had to say during a post-Sweep debrief before the smell of hot cheese and pepperoni wafted into the room and snatched their attention.

Did you have fun?

“Yeaaah!” (Kids shout in unison.)

Was anything hard or frustrating?

“It was hard to read privacy policies; they were really long and boring.”

Was it hard to sign up for some of the websites?

“If you are under 13, you are redirected to (the kid’s version of the website.)” Mom proceeded to explain that her son nonetheless managed to find a work-around.

What were some of the personal questions the website or app asked you?

“Where do you go to school? What’s your address?”

“It asked if you’re a student or a teacher.”

“It asked what gender you were.”

“Date of birth.”

“(On one website), if you typed in your real name, it wouldn’t take it or any short form of the name.”

“My photo.” (Mom added: “I wouldn’t let him. I shut it down real fast.”)

“It asked for what grade you were in.”

“(One website) asked for your picture but we just used a picture of a penguin that was already saved on the computer.” (Mom added: “But then it encouraged you to use a real picture.”)

Boy at computer.Did you always understand what the website or app was asking for?

“When I was working on (one website), I thought there were games made by other people that you could play but it was just shopping. That’s where there was the long and boring parts.”

Did any websites or apps tell you to go get a parent to help you?

“Before you were able to get on (one website), they send an email to your parent.” Mom added: “And the parent had to confirm.”

“On one website there’s a privacy mode so if you’re under 13, you can’t change it. If you want to change your age, you have to ask a parent by email.”

Did you ever click on something that led you to a totally different website?

“I was on (one website) and there was this little thing on the top of the page that said ‘are you a boy or a girl.’ It didn’t really look like an ad but it was just like a little thing with a picture and so, of course, we clicked on it and it went to another game website and it showed you a trailer.” Mom added that it was “teen rated” and included a warning that the content contained “violence, blood, partial nudity and alcohol.”

If you had to sign up for an account, did the website or app make it easy to delete your account when you were done?

“I was on (one website) and there was an option to delete the account and it deleted right away.”

Did anybody have trouble?

“A little bit. You had to email the company to delete it.”

– – – – –

Days after the Kids Sweep we got some great feedback from one of our parental sweepers who quipped that her kids are now tattling on each other for failing to read privacy policies. She added:

“They had a really good time and learned a lot about thinking critically when it comes to their personal information. If the result is that they make one brighter choice about their own privacy, then it was 100 percent worth it to me.”

It was this very comment that inspired one of our post-Sweep follow-up activities. The OPC has drafted a classroom activity for Grade 7 and 8 teachers across Canada based on our 2015 Kids Sweep.

We’ve simplified the Sweep form used to assess the privacy communications of apps and websites and are encouraging teachers to conduct privacy sweeps with students using the forms as a way to kick off a discussion about online privacy and the protection of personal information.

Alone or in groups, we are encouraging students to “sweep” their favorite apps and websites, to learn how to read privacy policies, to learn about tracking, the different types of personal information that might be collected and to discuss their observations with their teacher and peers. We’ve also provided a take-home tip sheet dubbed Pro Tips for Kids: Protecting Your Privacy for students and their parents.
Mother and daughter at computer.

Note to teachers: you can find the classroom activity on our website. As for parents and guardians, if it’s not something your kids are learning in school, think about adapting the lesson plan as a rainy Sunday afternoon activity!

Intimate, controversial or embarrassing photos and comments can have a lasting impact on a person’s reputation. Today, digital literacy as is as important as learning your ABCs and kids who understand and implement safe online privacy practices are less likely to make the sort of mistakes that could haunt them in the future.

Click here for more on the results of this year’s Children’s Privacy Sweep.

11 May 2015

Majority of app developers contacted by OPC commit to improve privacy communications in wake of GPEN sweep

Last fall’s Global Privacy Enforcement Network (GPEN) Mobile App Privacy Sweep is continuing to yield positive results for consumers in 2015.

As you might recall, the Office of the Privacy Commissioner of Canada (OPC) coordinated an assessment of the privacy communications of 1,211 popular mobile applications (apps) in conjunction with 25 national and international privacy enforcement partners. Our office alone assessed 151 apps.

Sweepers around the world found that 85 per cent of apps they looked at failed to clearly explain how they would collect, use and disclose personal information.

Our office decided to share our concerns with the developers – both the large corporate ones and the small-time basement genius types – behind some of the apps we swept.

Aside from the “l-APP-luster” and “dis-APP-ointing” apps we wrote to last fall before identifying them in a blog post, we sent letters to dozens of other apps outlining a number of our privacy concerns.

Our concerns ranged from not being able to find a privacy policy prior to download on the app marketplace or the developer’s website, to not being able to read it properly because it wasn’t designed for the small screen and either cut off words or required zooming in or horizontal scrolling.

Other times, we raised concerns about the lack of in-app privacy communications, or the fact that the so-called privacy policy didn’t actually address key issues such as the app’s practices regarding the collection, use and disclosure of personal information.

We’ve now heard back from the developers behind 31 of the apps we swept. The vast majority of them were grateful for our feedback and have committed to making improvements to their privacy communications.

For example, within just 34 minutes of receiving our letter via email, the developer of one health app added a privacy policy to its website. Another developer from Northern Europe with 14 apps to its name, thanked our Office for our letter, agreed to make privacy communications an immediate priority and is now ensuring that a privacy policy link is included in each of its marketplace listings. We also received positive feedback from one of the world’s largest online gaming companies, as well as a leading social networking app.

Other developers indicated they would improve privacy communications in future versions of their app, fix broken links to privacy policies or follow up with our Office once suggested changes have been implemented. Several Canadian news media apps committed to wholesale changes, from making privacy policy links more prominent to making them more user-friendly on the small screen.

Sweepers were particularly impressed with the response received from the popular game Farmville 2: Country Escape. The developer, Zynga Inc., fixed broken links and vowed to remove a permission that it no longer required from future versions of the game. The company also launched an abbreviated mobile privacy notice that summarized its lengthy privacy policy in an easier-to-read format on the small screen. But it didn’t just do this to address our concerns about Farmville. The developer has more than 70 other apps to its name and is making sure the privacy notice is available on the app marketplace for all of them. Bravo!


In fact, our outreach efforts have led to positive changes to the privacy communications and practices of some 136 apps.

We take from the overwhelmingly positive response to our letters of concern that many app developers want to protect the privacy of their customers and may simply be unaware that their practices were falling short.

The feedback we’ve received shows that education and outreach can often effect change without the need for more costly and time-consuming formal investigations. We see this as a testament to the success of the annual privacy sweep initiative.

Unfortunately, we could not reach the developers behind six apps despite significant effort. We’ve decided instead to name those apps here in the hopes that their creators might see our comments and make positive changes for their customers – starting with providing adequate contact information.

Here’s what we found:

Emoji Keyboard 2: Animated Emojis by Shishi Li

This app allows users to add emojis to their text messages. According to sweepers, no privacy communications were available before or after download. The data controller’s website was little more than a link to a Facebook page in the name of “John Smith.” Sweepers say the app appeared to link to Facebook, Twitter, email and SMS functions, but it did not ask for permission. Users are also asked to login to social media, but it’s unclear if personal information is being collected as a result.

Hide N Seek: Mini Game with Worldwide Multiplayer by Wang Wei (FingerLegend)

This app is a cartoon hide-and-seek game. According to sweepers, the app has no privacy policy and the developer’s website is an unused Twitter account. There was no explanation as to why the app wanted access to the user’s photos.

Smashy Birds With Blood by Bitcage Europe, Ltd.

Aside from its, ahem, interesting name, sweepers raised concerns about this game app because it has no privacy policy prior to or after download. The developer’s website,, is a template that has not been filled out. Sweepers raised concerns because the developer has seven other apps available in the app marketplace. While it’s not clear all the apps collect personal information, some appear to link to the user’s Instagram or Facebook account, calendar and contacts. Sweepers were disappointed to discover that Bitcage’s website was devoid of even the most basic of information, let alone a privacy policy that outlines if and how personal information is collected, used and disclosed. In fact, our Sweepers got an error message when they clicked on the part of the website where the privacy policy was supposed to be.


Can You Escape – Tower? by Kaarel Kirsipuu (MobiGrow)

This app is a puzzle game. Sweepers could find no privacy communications prior to download or within the app itself once it was on their device. The developer’s website is a Facebook page that includes no privacy information whatsoever. Sweepers raised concerns because the developer has 10 similar apps available in the Google Play Store. Some of the apps appear to collect and disclose, among other things, information about the user’s location. Some also seek access to external storage, which could contain the user’s photos, videos and other stored data. Sweepers felt MobiGrow should provide a proper privacy policy that explains what personal information is collected and how it is used and disclosed. Even if an app does not collect personal information, an assessment our Sweepers had difficulty making when there were no privacy communications, it is a best practice to say so.

Belly Fat Workout FREE: 10 Minute Ab Exercises by Pro Code Media

This is a fitness app that walks users through a variety of exercises. Sweepers were unable to find any communications explaining the app’s privacy practices prior to installation, or within the app itself. Nothing was found on the app marketplace listing nor was anything initially found on the developer’s website. Later, a mock privacy policy was found. It was written in Latin and had nothing to do with privacy, leaving our sweepers with a serious case of Confusus Maximus. There now appears to be a privacy policy of sorts on the website which is listed as the seller of the app in the app marketplace. The policy, however, does not include any information about consent for the collection, use or disclosure of personal information.

2048 by Estoty Entertainment Lab

This app is a highly addictive math game that, according to the developer, has been downloaded more than 35 million times. Our Sweepers have found no privacy communications whatsoever in the app marketplace or on the developer’s website. There were also no in-app privacy communications which left sweepers with a sense of unease over whether personal information was being collected and if so, how it would be used and disclosed. This developer also has other apps available in the app marketplace, at least one of which appears to link to Facebook, and Sweepers felt a best practice would be for Estoty Entertainment to be upfront about its personal information handling practices. 


It’s been eight months since we publicly raised concerns about four apps for their l-APP-luster or downright dis-APP-ointing performance when it comes to privacy communications.

We are happy to report that Super Bright LED Flashlight, an app that dis-APP-ointed our sweepers, is now asking for fewer permissions. It has removed its request for permission to access photos/media/files and ID/Call information. The app has also added a link to its privacy policy in its Google Play Store marketplace listing.

Note to developers: Click here for great tips on how to communicate your privacy practices to app users.

20 Nov 2014

A warning to webcam users


    Shortly after this letter was sent, the OPC was pleased to see that the website stopped broadcasting footage from unsecured webcams.

    The incident highlights the need for anyone with a webcam in their home or business to ensure they take steps to secure the camera.

    As well, it is important for companies that manufacture and sell Internet connected cameras to emphasize the importance of changing the factory default password – and make it as clear and easy as possible for people to do so.

The Office of the Privacy Commissioner of Canada is working with international and provincial counterparts to address the issue of a Russian website that has posted links to footage of unsecured surveillance videos from remote access webcams in use around the world, including Canada.

We fully support UK Information Commissioner Christopher Graham’s call for Russian authorities to take immediate action to take down the site.

We are also in the process of contacting the operators of the website to urge them to take down the webcam images.

In the meantime, we are urging anyone with a webcam in their home or business to ensure that they take steps to secure the camera – make sure you are not using the factory default password.

Check out the UK Commissioner’s blog on this issue.

27 Oct 2014

The kids are alright: innovative ways youth protect their privacy online


“Privacy is about much more than just solving technical issues of access control. That is not how people live and experience privacy. Privacy is in many ways about controlling the social situation.” – danah boyd

Through our Contributions Program, the Office of the Privacy Commissioner provided funding to the non-profit organization Mediasmarts for Young Canadians in a Wired World, a nation-wide survey of Canadians between the ages of 9 to 17 about their privacy habits.  Adults typically argue that youth don’t take privacy seriously, but Mediasmarts’ study suggests young people do care about privacy, but see it differently from their parents or teachers. While adults may see privacy and security from the perspective of keeping young people safe from online dangers, many young people see privacy and security as a way to manage their reputations and identities online.  So while both groups view online privacy as important, they do so for different reasons and use different methods to protect themselves.

One of the focuses of National Cybersecurity Awareness Month is promoting online safety.There are a lot of great resources and organizations out there to help with that (including on our website), but we thought we’d highlight some of the innovative and interesting ways researchers have found that young people have developed themselves to protect their privacy.

We want to highlight them for two reasons: to raise awareness among parents, teachers and other adults who influence kids that these practices do exist, and to demonstrate to adults that, contrary to popular opinion, young people actually care about their privacy and can go to great lengths to protect it.

White-walling: white-walling is the method of deleting a post after a specified period of time (generally when you post the next status update).  By doing this, kids minimize the risk of someone dredging up information from the past and using it against the individual in the future.

The super-logoffYou just don’t log out of your Facebook account, you delete it.  Since there are a few steps before you can remove a Facebook account completely, a super-logoff allows users to shut down their account when they aren’t using it.  This prevents other people from searching for information, writing on a user’s wall, or tagging photos when a user is not online.

Cloaking messages & different platforms:  According to Pew Internet Research, youth will often cloak their messages in order to mitigate having to “code switch” between their different audiences.  Oftentimes, youth will use different platforms to segregate their audiences.  For some, Facebook, for example, may contain more family whereas Instagram may be a place where users interact more with friends.  They will also use references that will be understood by their friends as being a double-entendre but that their parents and teachers would take at face value.  This allows them to communicate with their peers while still enjoying privacy from adult eyes.

Finally, teens are having fun with the ways their information is being used to target them for advertising.  They are amused by throwing in tidbits of information and watching the result of targeted advertising.  As danah boyd pointed out, “if you are a 15-year-old boy, nothing is funnier than using Gmail in a way that will trigger advertisers to send your friends diaper ads”.  So while adults may fret about the ways we are trying to keep children safe online, kids these days are also showing us new and surprising ways to protect information online.

New and innovative methods of protecting personal data are constantly being introduced online.  If you have heard of any inventive ways people are managing their privacy, be sure to leave them in the comments so we can highlight them in a future post.

Learn more about youth and online privacy by visiting the youth section of our website at –

3 Oct 2014

Cybersecurity Awareness Month 2014

October 1st marked the start of Cybersecurity Awareness Month.  It’s an opportunity to share tips and tools to help people stay more safe and secure online.

Throughout October, we’ll be highlighting the resources we have available to encourage Canadians to be more privacy- and cybersecurity-conscious.  On our blog, among other things, we’ll look at innovative cybersecurity research projects funded through our Contributions Program, we’ll let you know how young people are protecting their privacy online, and we’ll highlight what small-and medium-sized businesses can do when it comes to protecting personal data.

So, throughout the month, keep up with us on Twitter (@privacyprivee) and on our blog for more information on privacy and cybersecurity.   Also be sure to check out Public Safety Canada’s cybersecurity website.

9 Sep 2014

From APP-laudable to dis-APP-ointing, global mobile app privacy sweep yields mixed results

Back in May, the Global Privacy Enforcement Network (GPEN) embarked upon its second annual Privacy Sweep, this time with a focus on mobile apps.

The Office of the Privacy Commissioner of Canada coordinated 25 other privacy enforcement authorities across the country and around the globe, in an assessment of the privacy communications of some 1,211 apps designed for both tablets and smartphones in a bid to find out which of them left our sweepers most at ease in terms of how their personal information was being collected and used.

By downloading and briefly interacting with the apps, this exercise was meant to recreate the consumer experience. Our sweepers ultimately sought to assess transparency based on five key indicators:

  1. Prior to installation, did the app explain how it would collect, use and disclose personal data via a privacy policy, app marketplace description or through some other communications tool?
  2. Which permissions did the app request access to and did the app explain why? For example, did it seek permission to access your identity/accounts, (which may include email address, Twitter handle and Facebook username, but not the information stored in those accounts); location, (based on nearby cell towers, GPS or nearby WiFi networks); photos/media/files, (which can include music, movies and other files stored on your device); camera/microphone, (which could allow the app to turn on and capture data from the phone’s camera and/or microphone, hopefully with the user’s knowledge and consent); device ID/call information (including phone number and an indication of when the user is on the phone and with whom, a request often made by games that wish to pause when the phone is engaged); and device/app history, (often used to perform diagnostics after a crash but that can include sensitive information like log data, web bookmarks and history, which apps are running on the device and other system information.)
  3. Did the sweeper feel that the permissions being sought went beyond what they expected based on the app’s functionality?
  4. Were the app’s privacy communications tailored to be read on a small screen?
  5. Overall, how satisfied was the sweeper with the privacy communications? How well did the app explain the permissions and how it collects, uses and discloses the associated personal information?

At the end of the day, users can only provide meaningful consent to the collection of their personal information if they are well informed as to how that information will be used.

In total, our Office examined 151 apps, for both Android and iOS platforms, that are popular among Canadians. About three-quarters of them were free, while the remaining ones were paid apps. Our assessment included a significant number of games, as well as health and fitness apps, news and magazine apps, and social networking apps.

We believe it’s important to share specific results from our Sweep, as we did last year, so Canadians can better understand our conclusions.

But before we start, let’s be clear: The Sweep was not intended to conclusively identify compliance issues or possible violations of privacy legislation. It was also not meant to be an assessment of the apps’ privacy practices in general, nor was it meant to provide an in-depth analysis of the design and development of the apps examined.

We haven’t conducted a formal investigation and we’ve chosen the following play on words to give you a general sense of how our sweepers felt about the apps during the experience.

With that, here are some examples of apps with the most APP-laudable, L-APP-luster and Dis-APP-ointing privacy features.



On a scale of 0 to 3, our sweepers gave 28 per cent of apps top marks for providing timely, clear, concise explanations of their privacy practices.

In general, these apps made their privacy policies available on their website, their marketplace listing and within the apps themselves. The policies were, for the most part, consistent throughout and clearly explained how the apps would collect, use and disclose personal information.

Among the positive examples identified:


This free app ranked 5th among music app downloads in Canada according to the popular Distimo Apple Store app chart the month of our sweep. Shazam will listen to a song or television show playing in the background and identify what it is you’re listening to or watching.

The app requests a number of permissions, including access to identity (accounts), location, photos/media/files, camera/microphone and device ID/call information.

Our sweepers were singing the praises of this app because its privacy communications provided clear explanations of individual permissions that left them with a generally positive feeling about how their personal information would be used.

For iOS, the app uses just-in-time notifications prior to accessing information, like in the example below which outlines why the app needs access to the microphone. On the Android marketplace listing, sweepers noted there’s a handy link that explains why the app needs to collect certain information. It’s appropriately dubbed: “Why does Shazam need these app permissions?”

Shazam on iOS

Shazam on Android permissions explained

Shazam on Android permissions breakdown


Fertility Friend: Ovulation Calendar

This free, made-in-Canada app was downloaded as many as 1 million times by Android users alone. It allows users to input cycle-related information to help track their fertility.

Sweepers were particularly pleased that this app explained not only what it would do with the information it collected, but also what it would NOT do.

For example, the app acknowledges that the type of information it collects is “extremely sensitive,” and promises not to “sell or transmit to others any personally identifiable data” entered on the site. A separate link explains that the site charges for premium services to avoid having to rely on advertisers for revenue.

Sweepers also noted the app’s privacy policy was well formatted for the small screen.

Fertility Friend on Android

As you can see from this colour-coded screen that displays menstrual cycle, fertile days and intercourse, users are required to input some pretty intimate details. These excerpts from the privacy policy, however, are quite clear about what the app will not do with that information and why.

Fertility Friend on Android

Fertility Friend privacy policy

Trip Advisor: City Guides

This popular free travel app has been downloaded more than 1 million times by Android users alone. It creates travel itineraries and offers reviews of restaurants, attractions and hotels in various cities.

Sweepers noted that the app did not provide a link to its privacy policy on either platform’s app marketplace. The policy was, however, available prior to installation on Trip Advisor’s website and in-app on Android and iOS.

The app ultimately earned APP-lause from our sweep team for tailoring its privacy communications to the app and to the small screen. The privacy policy is in an easy-to-read font and is well-structured, with a table of contents comprised of a list of explanations that users can click on to obtain more information (see the Android screenshot below for a list of hyper-linked privacy policy topics). The policy also provides a separate explanation for information collected by Trip Advisor apps on a mobile device (see iOS screenshot below).

TripAdvisor on Android

TripAdvisor on iOS

Our sweepers also gave a shout out to Trip Advisor last year when they examined the company’s website, and found its privacy policy went the extra step by offering users a detailed explanation of its “Instant Personalization” feature. The feature uses information provided by Facebook to give the user a more customized experience. The company’s explanation not only detailed what information was collected and how it was being used, but also provided instructions on how to enable and disable the feature.


A significant number of apps earned praise from our sweepers for some of their privacy communications, but missed the mark in other areas.

Among them:

Trials Frontier

This free app ranked 14th overall in Canada the month before our sweep, according to Distimo’s Apple Store app chart. It’s a motorcycle racing game that allows users to compete against friends and strangers around the world.

This app makes its privacy policy available on the Google Play marketplace but not on Apple’s App Store. Also, it’s tough to locate the privacy policy on the developer’s website for iOS. Initially, users are directed to a page of game ads.

For the most part, sweepers felt the app did explain how it would collect, use and disclose personal information. The policy is fairly detailed and organized under useful headings like “what personal information does (the company) collect,” “how will my personal information be used and by whom,” and “what safeguards does (the company) use to protect my personal information.”

But this racing app earned some unwanted demerit points for failing to tailor to the small screen. On the iOS platform shown below, the privacy policy strained sweepers’ eyes, and when they zoomed in, they were forced to scroll horizontally, as well as vertically, which is cumbersome and not particularly user friendly.

Ubisoft privacy policy on Android

Ubisoft privacy policy on iOS

Guess the Emoji

This free app reached No. 48 overall in Canada the month before our sweep, according to Distimo’s Apple Store app chart.  It’s a fill-in-the-blank word game.

According to sweepers, the app seeks permission to access identity (accounts), photos/media/files and device ID/call information, among other things. The app’s privacy policy expanded on this to say that the company “may gain access to some personal data through third-parties or affiliates,” including access to “financial information such as credit card or bank account numbers and “information related to your current living accommodations.” Sweepers wondered what exactly this could mean.

The policy also provided a laundry list of potential uses of personal information, but sweepers were still perplexed as to why the app needed all those details for such purposes.

Their discomfort was only exacerbated by the policy’s explanation of the wide-ranging circumstances pursuant to which such information might be disclosed. It said, for example, that the company “may sell or rent your personal information to third parties for marketing purposes without your explicit consent.”

While it is good that the company provided a detailed explanation of the information it may collect and how it may be disclosed, privacy practices need to be justified, not just stated.

Guess the Emoji screenshot 1

See for yourself what this app proposes to do with the personal information it collects in these two screen grabs of the developer’s privacy policy.

Guess the Emoji Screenshot 2


Approximately 26 per cent of apps left our sweepers with a real sense of discomfort in terms of how they conveyed their privacy practices and, in some cases, with respect to what they said they might do with the personal information collected.

Among them:

Super-Bright LED Flashlight

This free app made it to No. 17 overall in Canada on Distimo’s top Google Play Store app chart the very week of our sweep. It allows users to turn their mobile phone into a flashlight.

The app sought permission to access the user’s camera/microphone, device ID/ call information and even photos/media/files. Besides the camera flash function, it was not made clear to sweepers why the app would need all that information to operate a flashlight.

Sweepers found no link to a privacy policy in the app’s Google Play marketplace listing so they followed a link to the “developer’s website,” which led them to a “domain parking” service. The website contained no content, except for two links, one of which was for individuals who may be interested in buying that website’s domain name – i.e. the point of domain parking. The other link took users to the privacy policy of the domain parking company, which contained nothing about the flashlight app’s collection, use and disclosure of personal information.

Without a clear and accessible policy outlining how their personal information would be used, this flashlight app left our sweepers in the dark!


Super-Bright LED Flashlight on Android

This image taken from an Android device shows the large number of permissions sought by this flashlight app.

Pixel Gun 3D

This free app reached No. 18 among game downloads in Canada on Distimo’s top Apple Store chart the month before our sweep. It is a multiplayer, pixel cartoon shooting game that allows users to create and customize their own characters.

This app seeks permission to access device ID/call information, device/app history and photos/media/files, among other things, but there is no privacy policy available on this app’s marketplace listing, on its website or within the app itself.

While there is no privacy policy, a “terms of use” policy available in-app, speaks to granting the developer full control over user content. This includes the ability to “sublicense and assign to third parties and a right to copy, reproduce, fix, adapt, modify, improve, translate, reformat, create derivative works from, manufacture, introduce into circulation, commercialize, publish, distribute, sell, license, sublicense, transfer, rent, lease . . . your user content . . . in connection with our provision of the game, including marketing and promotions . . .” It adds that the license granting the company this unlimited access to user content will only end once the user deletes their content or uninstalls the game, unless it’s been shared with a third party that has not deleted the information. Furthermore, the policy notes that the content “may persist in back-up copies for a reasonable period of time.”

Not only did sweepers find the terms of use policy long and legalistic, an oft-cited complaint during last year’s sweep that’s particularly challenging on the small-screen, they also found it very difficult to read as it was written in a tiny white font over a colourful, moving, animated background and required significant scrolling.

Sweepers ultimately felt the app’s privacy communications left much to be desired and, given the potentially personal nature of the permissions, they were uncomfortable using the app.

 Pixel Gun 3D on iOS

It’s best to think of our sweep as a snapshot in time. Apps are constantly evolving. While our sweepers assessed and reassessed each app over these last few months in the interest of quality control, each examination either raised new questions or answered old ones.

At the end of this experiment, one thing is clear to our sweepers: privacy communications are fluid and the level of accessibility will depend on user know-how, the platform being used (e.g. Android, iOS or BlackBerry) and the type of device, whether it’s a Lenovo tablet, an iPad or a Samsung Galaxy smartphone.

Nevertheless, we wanted to provide you with some concrete examples of what we found during our sweep.

Once we’ve finished sorting through our results, in conjunction with our provincial and international partners who are doing the same, we will determine any appropriate follow-up action.

As with last year’s sweep, our follow-up activities will include reaching out to organizations to inform them of our findings and making suggestions for improvements. We also have the option to pursue enforcement action.

Full disclosure: we wrote to the companies mentioned in the blog a week before posting to share our concerns. So far Random Logic Games/Conversion LLC, the maker of Guess the Emoji, has committed to making positive changes.


5 Sep 2014

It’s back to school!

Looking for ways to kick the school year off right?

Start with a reminder to kids that privacy matters! Canadian kids are digitally savvy and they value their privacy, but they can sometimes be unsuspecting about the potential privacy risks of new digital communications technologies.

Our office has created a graphic novel, Social Smarts: Privacy, the Internet and You, to help young Canadians better understand and navigate privacy issues in the online world.

Social SmartsParents and educators can also take advantage of our new discussion guide and privacy activity sheets to generate more in-depth discussions on the privacy risks related to social networking, mobile devices and texting, and online gaming. These tools also provide ample opportunities to raise real-life situations in which privacy can be impacted.

Because kids go online earlier in life than ever before, the privacy activity sheets vary in difficulty, from very simple (a colouring page) to more difficult (a simple cryptography activity).

You can find these and more on the Youth Privacy section of our site!

19 Jun 2014

Mind the gap: Poll finds many Canadian businesses believe privacy is important but not taking basic steps to protect customer information

Ten years after Canada’s private sector privacy law came into full effect, our latest survey has found that many Canadian businesses are still not taking the basic steps necessary to protect the personal information of their customers and clients – despite believing that protecting privacy is “extremely important”.

An overwhelming majority of businesses (82%) said protecting privacy is important—in fact 59% rated it as “extremely important.”  As well, more than two-thirds (69%) indicated they were “very confident” in the ability of their business to protect the personal information they collect about customers.

However, the telephone survey of 1,006 companies across Canada identified serious gaps in basic privacy protection by businesses both large and small, for example:

  • More than half (55%) do not have a privacy policy;
  • Half (50%) do not have procedures for responding to customer requests to access their personal information;
  • Nearly half (49%) do not have procedures for dealing with privacy complaints; and
  • More than two in five (42%) have not designated an employee responsible for ensuring privacy protection.
  • Two-thirds (67%) have no policies or procedures for assessing the privacy risks of new products, services or technologies.

The survey, carried out in November 2013 by Phoenix Strategic Perspectives of Ottawa, also found that 59% of the surveyed businesses have little or no concern about the prospect of a data breach. Despite numerous high-profile media reports of data breaches in the private sector over the past few years, the number of businesses indicating a lack of concern about data breaches has increased over time to 59% from 49% in 2011 and 42% in 2010.

In addition, 58% of the businesses surveyed had no guidelines for dealing with a breach where the personal information of their customers was compromised.

We commissioned the survey, which is considered to be accurate to within +/- 3.1%, 19 times out of 20, in order to better understand the extent to which businesses are familiar with privacy issues and requirements, and the types of privacy policies and practices they have in place. Similar surveys were conducted in 2011, 2010 and 2007.

What do you think – are businesses doing an adequate job of safeguarding customer information? What challenges do they face in protecting privacy? Let us know in the comments.

20 Sep 2013

An update on our Internet privacy sweep

Last month, we released the initial results of our Internet privacy sweep. You can read the original blog post to see what we observed. (We should note here that the screenshots and references in that blog post reflect what we saw online during the sweep and were still in place when we originally blogged about the sweep results on August 13.)

As part of our efforts on the sweep, our Office advised the companies that were mentioned in the blog, inviting them to contact the OPC if they wished to discuss the Sweep and our observations.

Since that original post, we are very pleased to see that some of the organizations we highlighted have made changes to enhance their online privacy policies.

A&W changed its privacy policy shortly after we issued the results of our Privacy Sweep. Their original 110-word privacy policy has now been expanded to just under 1600 words and covers the collection, use, disclosure and retention of customers’ personal information collected through customer feedback, events, gift card purchases and contests.

Bell Media also updated their privacy policy shortly thereafter, fixing the broken link to their Privacy Officer’s email address:

 New Bell Media privacy policy

We think customers will be pleased as well to see that the companies they choose to do business with are more open and straightforward about how they use customer information.

Hopefully other companies we looked at, as well as those that didn’t, will take note.