A child's digital footprint often begins before they can talk. From the moment a parent downloads the first app on a tablet, data collection starts. In an era where personal data has become a valuable commodity, it is more important than ever that parents understand how children's apps handle data, what rights children have, and what you as a parent can do to protect your child's privacy.
Did you know? A 2025 study found that the average children's app shares data with five different third-party companies, including analytics firms and advertising networks. Many parents are unaware of the extent of data collection happening in the background while their child plays a seemingly innocent game.
Children are particularly vulnerable in the digital world for several reasons. They do not understand the consequences of sharing personal information, they cannot assess the risks of data sharing, and they have limited ability to give informed consent. At the same time, children are using digital devices at ever younger ages, and many apps are specifically designed to attract and engage the very youngest.
Data collected about children today can follow them for the rest of their lives. Digital profiles built in childhood can affect everything from insurance offers to job opportunities in the future. Therefore, it is crucial that parents take an active role in protecting children's digital rights from the start.
The scope of data collection in children's apps can surprise many parents. Here is an overview of what typical children's apps can collect:
Device type, operating system, screen resolution, network connection, and unique device identifiers (IDFA/AAID). These are used to identify the device and can be linked to advertising profiles.
GPS position, nearby WiFi networks, and IP address-based localization. Location data can reveal a child's home address, school, extracurricular activities, and daily movement patterns.
When and how long the app is used, which features are opened, what the child taps on, how long they look at specific elements, and when they exit. These patterns are used to create detailed behavioral profiles.
Apps with microphone or camera access can record audio, take photos, or film. Even apps that use voice recognition for "educational purposes" may store and transmit voice recordings to external servers for analysis.
Some apps request access to the contact list, which exposes not just the child's but the entire family's contact information. Apps with social features can also collect messages, friend lists, and interaction patterns.
The EU General Data Protection Regulation (GDPR), which is incorporated into Norwegian law through the Personal Data Act, provides children with special protection. GDPR recognizes that children deserve special protection regarding their personal data, because they may be less aware of the risks and consequences of data processing.
Datatilsynet is Norway's independent supervisory authority for privacy. They oversee compliance with the Personal Data Act and GDPR, and have developed their own guidelines for children's privacy in digital services. Datatilsynet has repeatedly stated that:
While GDPR is the most relevant legislation for Norwegian families, it is useful to know about other international regulations, especially since many apps are developed in the USA:
The Children's Online Privacy Protection Act is a US law that prohibits the collection of personal information from children under 13 without verifiable parental consent. COPPA applies to all apps and websites targeting American children, but many international apps also follow COPPA as a minimum standard. COPPA violations can result in fines of millions of dollars from the Federal Trade Commission (FTC).
The UK's Children's Code requires digital services that may be used by children to consider children's best interests. The Code contains 15 standards, including that privacy settings should be set to the highest level by default for children.
The EU is continuously working to strengthen children's digital rights through new regulations such as the Digital Services Act (DSA) and the AI Act, both of which contain specific provisions for the protection of minors in digital services.
Data collection from children's apps creates several types of risk that parents should be aware of:
Data from children's apps is used to build detailed profiles of children's interests, habits, and behavior. These profiles can follow the child across apps and devices through unique identifiers, and are used to customize content and advertising.
Even in apps "for children," collected data can be used to display targeted advertising, either directly to the child or indirectly through parents' devices. Children are particularly vulnerable to the influence of advertising because they do not fully understand commercial intentions.
Children's data stored by app companies can be exposed in data breaches. Information such as photos, voice recordings, and location history is particularly sensitive. Several major data breaches have affected children's services, exposing millions of children's personal data.
Data collected in childhood contributes to a digital profile that can persist into adulthood. This profile can potentially affect future insurance premiums, credit ratings, job opportunities, and other life-critical decisions without the person ever being informed about the data collection.
Privacy policies are often long and written in legal language, but there are some practical steps you can take to assess an app's privacy quickly:
A good privacy policy clearly states what is collected, why it is collected, and who it is shared with. Be skeptical of vague language such as "we may collect information to improve the service" without specifying what kind of information.
Serious children's apps have dedicated sections in their privacy policy addressing children's rights and parental consent. If the app targets children but does not mention children in the privacy policy, that is a serious warning sign.
Search for words like "third parties," "partners," "advertisers," and "analytics." If the privacy policy states that data is shared with third parties for "marketing purposes" or "analytics purposes," it means your child's data could end up with companies you have never heard of.
Look for information about how long data is stored and how you can request deletion. GDPR gives you the right to demand deletion of your child's data, and this should be clearly explained in the privacy policy.
Ask yourself: Does a drawing app really need microphone access? Does a puzzle game need GPS location? If the data collection seems disproportionate to the app's function, there is reason for concern.
Be particularly alert to these warning signs when reading an app's privacy policy:
When an app is free, the user is often the product. For children's apps, this means the child's data and attention are the real payment. The business model for many free apps is built on:
At Appguiden, we always evaluate an app's business model as part of the privacy score. Apps that are completely free and contain advertising score lower than apps with one-time payments or transparent subscription models without data sharing. We believe parents deserve to know what they are really "paying" for a free app.
Each app requests various permissions to access features on the device. Here is an overview of common permissions and how you should evaluate them for children's apps:
| Permission | Risk | Recommendation |
|---|---|---|
| Camera | Can take photos and video of the child | Deny unless necessary for core function |
| Microphone | Can record audio and conversations | Deny unless the app requires voice interaction |
| Location | Reveals child's real-time position | Always deny for children's apps |
| Contacts | Exposes family contact information | Always deny |
| Photos | Access to all photos on device | Deny or limit to selected photos |
| Notifications | Can interrupt and attract attention | Disable for most children's apps |
| Storage | Access to files on device | Approve only if app needs to save content |
Here are concrete actions you can take to protect your child's privacy in apps:
Always check what permissions an app requests before installing it. Both the iOS App Store and Google Play Store now show "App Privacy" information that summarizes an app's data collection. Use this as a first step in your evaluation.
Set up dedicated child accounts through Apple Family Sharing or Google Family Link. These give you the ability to approve app installations, limit screen time, control content filtering, and manage permissions centrally. Avoid letting children use your personal accounts.
Go into the device's settings and disable location services for all children's apps. On iOS: Settings → Privacy & Security → Location Services. On Android: Settings → Apps → [App Name] → Permissions → Location. Choose "Never" as the default.
App updates can change permissions and settings without you noticing. Make it a habit to check app permissions and privacy settings at least once a month. Remove apps that are no longer used, as they may continue to collect data in the background.
Appguiden evaluates all apps for privacy and safety as part of our total score. Our privacy assessment examines data collection, third-party sharing, advertising, tracking technology, and transparency in the privacy policy. Use this as a tool in your evaluation of new apps.
Adapt the conversation to the child's age. Younger children can understand concepts like "some things are private" and "we don't share our address and phone number with strangers." Older children can learn about how data is used, what happens to the information they share, and why privacy matters. Make it a natural part of the conversation about digital use.
Norway has a strong framework for protecting children's privacy. Here are the most important Norway-specific considerations parents should know about:
Norway has set the age of consent at 13, which is the lowest permitted threshold under GDPR (which allows countries to set the limit between 13 and 16 years). This means children between 13 and 15 can consent to the processing of personal data in digital services themselves, but parents should still play an active role in guiding them.
Norway's Personal Data Act (LOV-2018-06-15-38) implements GDPR into Norwegian law and contains additional provisions for Norwegian circumstances. The law gives Datatilsynet the authority to impose fines of up to 4% of a company's global turnover, ensuring it has real enforcement power.
The Norwegian Ombudsman for Children (Barneombudet) is an important voice for children's digital rights and has repeatedly raised issues related to children's privacy in digital services. The Ombudsman has, among other things, demanded stricter regulation of data collection from children's apps and better mechanisms for parental consent.
Norwegian parents can file complaints with Datatilsynet if they believe an app violates privacy regulations. The complaint can be submitted electronically through Datatilsynet's website and is processed free of charge. Datatilsynet has the authority to order companies to cease unlawful data processing and delete unlawfully collected data.
An increasingly important topic in Norway is privacy in apps that schools require students to use. Following the transition to digital education, many Norwegian schools use apps and online services such as Google Workspace for Education, Microsoft Teams, various learning platforms, and educational apps.
Here it is important to know that:
Tip: If you are concerned about privacy in apps the school uses, start by contacting the school administration or the municipality's data protection officer. All Norwegian municipalities are required to have a data protection officer who can answer questions about the processing of personal data.
Children's apps can collect device information, location data, usage patterns, voice recordings via microphone access, photos and videos, contact lists, and unique device identifiers. Some apps also collect data through third-party tools without parents being aware of it. The scope varies, but even seemingly simple apps can collect surprisingly large amounts of data.
Yes. GDPR provides children with special protection. In Norway, the age of consent is 13, meaning children under 13 need parental consent for the processing of personal data in digital services. Datatilsynet actively enforces these rules and can impose significant fines on companies that violate them. You also have the right to demand access to and deletion of your child's data.
Read the privacy policy and look for clear language about data collection. Check app permissions in your phone's settings. Look for red flags such as vague language about third-party sharing. Check whether the app is COPPA-certified or has other security seals. Use Appguiden's reviews which include privacy scoring. Read more about safe app use in our guide to safe screen use.
Generally no. Most children's apps do not need location access to function. Location data is highly sensitive and can reveal your child's home address, school, and daily routines. Disable location services for children's apps by default and only enable temporarily if a function requires it and you understand why.
Contact the app developer directly and demand deletion of data under GDPR Article 17. File a complaint with Datatilsynet through their website. Uninstall the app and revoke all permissions. Change any passwords that may have been compromised. Consider reporting the matter to the Consumer Authority if the app targets the Norwegian market.
Children's privacy in the digital world is a parental responsibility that requires knowledge, attention, and active measures. By taking control of app permissions, understanding the regulatory framework, and using tools like Appguiden's safety ratings, you can give your child a safer digital everyday life without giving up valuable learning experiences.
All apps on Appguiden are evaluated for privacy, safety, and educational quality. Our transparent scoring helps you choose apps that respect your child's data and digital rights.
Explore recommended apps