Mandatory collection of personal information on websites and apps, stating that they do not knowingly collect children’s personal information (2025)

This chart illustrates the discrepancy between platform privacy policies and actual data collection practices, as revealed by the 2025 Global Privacy Enforcement Network (GPEN) Sweep. The study involved 27 global privacy authorities, including those from the UK and Canada, who replicated the user experience across 876 websites and apps that are popular with children. The data focuses specifically on the 54% of services that state in their policies that they 'do not knowingly collect children’s personal information', yet still require the disclosure of sensitive identifiers for account creation. A significant trend emerges in the identification gap: despite claiming to avoid collecting data on children, the majority of these platforms (62%) require an email address, and half (50%) require a username (often featuring the user's first and last name). Furthermore, 42% of these services still insist on a legal name and 15% require a phone number. These findings reveal a lack of transparency in the digital ecosystem. By using 'non-collection' statements as a legal shield while simultaneously mandating the collection of high-value personal data, these platforms leave young users vulnerable to tracking and profiling, without implementing the necessary child-specific protective controls.