If you’re anything like me, the whole “data privacy” concept can seem a bit opaque. We hear about the massive data breaches that make global news, sure. The incessant data privacy disclaimers that hammer us on every website have become digital white noise. What’s really at stake, though?
And what does it all mean for our kids?
Each year on January 28th, Data Privacy Day gives us an opportunity to explore this important topic more deeply. How, for instance, should parents handle data privacy for kids? Are there laws we can rely on to protect our children until they’re old enough to make data decisions themselves?
Data Privacy Day is a brainchild of the National Cyber Security Alliance (NCSA), a national non-profit organization specializing in cybersecurity education and awareness. It’s an annual event aimed at raising awareness and keeping people up to date about how their data is being collected, used, and shared, including:
If you’ve ever wondered just how in the heck you’re already seeing ads for that new tea kettle you were shopping for 10 minutes ago on Amazon, Data Privacy Day is a good place to start. We love their Manage Your Privacy Settings section, for example, which provides direct links to manage privacy settings for most major services you (and your children) already use.
Here are some eye-opening data privacy statistics for 2021 (courtesy of the Data Privacy Day media kit):
With all of this attention around data privacy, a lot of parents are pretty keen on understanding the digital footprint that their kids are leaving behind. And for good reason. According to Parenting Children in the Age of Screens, published by Pew Research:
More and more kids are interacting with internet-enabled devices at younger and younger ages. There’s just one catch: Children cannot legally consent to sharing data with apps, websites, and other online services until the age of 13. So, what happens to all of the data they create and transmit before then?
The optimist in me hopes the answer is that a kid’s data “stays safe and private forever.” But we know how valuable “people data” is to all kinds of professionals. You don’t have to be Don Draper to know that! Remember Joe Camel out there making cigarettes seem like the coolest thing since Skip-Its and Sega Genesis? Not to mention McDonald’s Happy Meals, or elfin cartoons pushing sweet sugary cereals.
Only now kids aren’t just watching television ads. As the data shows, some kids are learning to use internet-enabled devices before they can walk. Between web browsing, mobile apps, streaming services and gaming, there’s plenty of opportunity for kids to knowingly or unknowingly transmit data. Parents certainly have their hands full.
Thankfully, there are three pieces of legislation in place to help limit the data that companies can collect from children.
Published and enforced by the Federal Trade Commission, COPPA establishes guidelines around how website operators must protect the data of children under the age of 13. The rule is designed to protect kids and put control in the hands of parents.
Under COPPA, site operators must comply with a number of guidelines, including a clear and comprehensive online privacy policy, parental consent before collecting data, and the ability for parents to decide how collected data—if any—is used.
COPPA rules state that websites and apps cannot:
1) Collect personal information from U.S. children under the age of 13 without parental consent
2) Share children’s information outside of the company without parental consent
Most mainstream websites and online services comply with COPPA, meaning there are some data safeguards already in place. You can learn more about COPPA here.
If you think a site has collected information from your kids or marketed to them in a way that violates the law, report it to the FTC at ftc.gov/complaint. The $170 million fine against YouTube in 2019 for a COPPA violation is a good example of how COPPA regulations are enforced.
Who knows? Maybe my son will run for elected office someday, or be in the public eye. Either way, he’ll likely want control over who gets to see his educational records. As it turns out, our educational records include a lot of personal information and data, including disciplinary history, academic records and even some medical information.
FERPA offers a number of important protections. First and foremost, FERPA keeps a child’s educational records private until that child turns 18. Up until then, it’s only parents who can request access to records, request corrections, and prohibit their transmission without written consent.
As a parent, I assume that my child is protected from obscene or inappropriate internet content while at school or the library. Thanks to CIPA, that’s by and large true. CIPA mandates that participating schools and libraries use software, technology, and other means to restrict access to harmful content for children under the age of 13. It’s yet another safety net extended to kids accessing the internet away from home.
Having major data privacy laws in place is very important, but it's not a cure all. Things slip through the cracks. Parents struggle to keep up. And kids are smart: many know how to skirt age restrictions, content filters, and other security measures. Plenty of children under 13 are using sites not intended for them,
As a parent, I’m finding that it helps to start with the fundamentals. Online activity of any kind—gaming, social media, web browsing, and so on—has the potential to leave a digital footprint. With that in mind, it’s helpful to break down your own approach to data privacy into two phases:
Phase 1: Benchmarking, or an audit of all the internet-enabled services, sites, apps, and devices that the children are accessing today. What permissions, for instance, do their smartphone apps have? What are the privacy settings for their existing social media accounts? Finding this information can be challenging.
However, the website internetmatters.org is an excellent resource for specific information on the following (and much more):
Looking at these resources with your children is a great starting point for the following step:
Phase 2: Ongoing safeguards, such as discussing best practices and establishing boundaries:
At this point, you, as a parent, might figure out that you can’t plug every data sieve all at once. This is when the strength of our data privacy laws come into play, as well as an internet security solution that can automatically block harmful content, log activity, and keep parents informed about potential data privacy blind spots.
With these protections in place, you’ll be well on your way to better protecting your children’s data.
With ESET Parental Control for Android
Try free for 30 daysOn the surface, the internet seems to offer anything and everything you might need – on demand and free. Children and teens especially enjoy the benefits of being able to download any song, film, book, computer program or app they want. However, even the internet has its limitations.
Learn about the protections put in place to safeguard your child's data
