The UK’s data protection regulator has launched a review of the mobile gaming sector, following parents’ concerns that titles may be breaking privacy laws.
The Information Commissioner’s Office (ICO) said yesterday that it would be scrutinizing 10 popular mobile games.
It will check their compliance with its Children’s code requirements regarding default privacy settings, geolocation controls, targeted advertising practices, and anything else identified in the review process.
“Children’s online experiences are shaped not just by social media and video sharing platforms, but also by the games they play,” explained information commissioner, John Edwards.
“Our early review suggests that many mobile games’ design features can be especially intrusive, raising important questions about how these games are designed and experienced, and their adherence to the ICO’s Children’s code standards.”
According to ICO research:
- 84% of parents are "concerned" and half (50%) are “very concerned” about their children’s potential exposure to strangers or harmful content through mobile games
- Three-quarters of parents are concerned about their children sharing personal data (76%), and data collection by game companies in order to serve ads (75%)
- 30% of parents say their children have stopped using a mobile game because the parent/carer or child was concerned about the data the game collected, or how the information was used
Improving Standards
Also known as the Age-Appropriate Design Code (AADC), the Children’s code is a set of 15 steps that digital service providers must follow to ensure they’re complying with data protection law (UK GDPR) in upholding children’s privacy rights.
The ICO claimed that similar scrutiny of social media and video-sharing platforms resulted in “significant progress” towards improving data protection practices.
The regulator has already issued a notice of intent to fine both Imgur and Reddit after an investigation into how the platforms use UK children’s personal information, and their age assurance measures.
Edwards has in the past warned that not only big-name US providers face potential scrutiny in this area. In March, he said that organizations of all sizes should “get your own house in order.”
In 2023, TikTok was fined a massive $368m by the Irish Data Protection Commission (DPC) for GDPR failings related to the processing of children’s information.
It’s not just on this side of the Atlantic where regulators are cracking down on companies whose products are used by children. In 2023, Microsoft paid $20m to settle an FTC case alleging it collected personal information from Xbox Live users it knew were children.
In the US, such matters usually fall under the Children’s Online Privacy Protection Act (COPPA).