If you’re anything like me, the whole “data privacy” concept can seem a bit opaque. We hear about the massive data breaches that make global news, sure. The incessant data privacy disclaimers that hammer us on every website have become digital white noise. What’s really at stake, though?
And what does it all mean for our kids?
Each year on January 28th, Data Privacy Day gives us an opportunity to explore this important topic more deeply. How, for instance, should parents handle data privacy for kids? Are there laws we can rely on to protect our children until they’re old enough to make data decisions themselves?
Why Data Privacy Day?
Data Privacy Day is a brainchild of the National Cyber Security Alliance (NCSA), a national non-profit organization specializing in cybersecurity education and awareness. It’s an annual event aimed at raising awareness and keeping people up to date about how their data is being collected, used, and shared, including:
- A library of regularly updated resources, multimedia, and educational content
- Annual events and keynote speeches about data privacy
- Opportunities to get involved as an individual or business
- Data privacy awareness assessments and activities
If you’ve ever wondered just how in the heck you’re already seeing ads for that new tea kettle you were shopping for 10 minutes ago on Amazon, Data Privacy Day is a good place to start. We love their Manage Your Privacy Settings section, for example, which provides direct links to manage privacy settings for most major services you (and your children) already use.
Here are some eye-opening data privacy statistics for 2021 (courtesy of the Data Privacy Day media kit):
What Data Privacy Means for Children
With all of this attention around data privacy, a lot of parents are pretty keen on understanding the digital footprint that their kids are leaving behind. And for good reason. According to Parenting Children in the Age of Screens, published by Pew Research:
- More than 33% of parents with a child under 12 say their child was interacting with a smartphone before the age of 5
- One in five parents of a child 12 or younger say that child has their own smartphone
More and more kids are interacting with internet-enabled devices at younger and younger ages. There’s just one catch: Children cannot legally consent to sharing data with apps, websites, and other online services until the age of 13. So, what happens to all of the data they create and transmit before then?
A Look at 3 Laws That Protect Your Child’s Data Privacy
The optimist in me hopes the answer is that a kid’s data “stays safe and private forever.” But we know how valuable “people data” is to all kinds of professionals. You don’t have to be Don Draper to know that! Remember Joe Camel out there making cigarettes seem like the coolest thing since Skip-Its and Sega Genesis? Not to mention McDonald’s Happy Meals, or elfin cartoons pushing sweet sugary cereals.
Only now kids aren’t just watching television ads. As the data shows, some kids are learning to use internet-enabled devices before they can walk. Between web browsing, mobile apps, streaming services and gaming, there’s plenty of opportunity for kids to knowingly or unknowingly transmit data. Parents certainly have their hands full.
Thankfully, there are three pieces of legislation in place to help limit the data that companies can collect from children.
1. The Children’s Online Privacy Protection Act (COPPA)
Published and enforced by the Federal Trade Commission, COPPA establishes guidelines around how website operators must protect the data of children under the age of 13. The rule is designed to protect kids and put control in the hands of parents.
COPPA rules state that websites and apps cannot:
1) Collect personal information from U.S. children under the age of 13 without parental consent
2) Share children’s information outside of the company without parental consent
Most mainstream websites and online services comply with COPPA, meaning there are some data safeguards already in place. You can learn more about COPPA here.
If you think a site has collected information from your kids or marketed to them in a way that violates the law, report it to the FTC at ftc.gov/complaint. The $170 million fine against YouTube in 2019 for a COPPA violation is a good example of how COPPA regulations are enforced.
2. Family Educational Rights and Privacy Act (FERPA)
Who knows? Maybe my son will run for elected office someday, or be in the public eye. Either way, he’ll likely want control over who gets to see his educational records. As it turns out, our educational records include a lot of personal information and data, including disciplinary history, academic records and even some medical information.
FERPA offers a number of important protections. First and foremost, FERPA keeps a child’s educational records private until that child turns 18. Up until then, it’s only parents who can request access to records, request corrections, and prohibit their transmission without written consent.
3. Children's Internet Protection Act (CIPA)
As a parent, I assume that my child is protected from obscene or inappropriate internet content while at school or the library. Thanks to CIPA, that’s by and large true. CIPA mandates that participating schools and libraries use software, technology, and other means to restrict access to harmful content for children under the age of 13. It’s yet another safety net extended to kids accessing the internet away from home.
What Parents Can Do to Protect Their Children’s Data
Having major data privacy laws in place is very important, but it's not a cure all. Things slip through the cracks. Parents struggle to keep up. And kids are smart: many know how to skirt age restrictions, content filters, and other security measures. Plenty of children under 13 are using sites not intended for them,
As a parent, I’m finding that it helps to start with the fundamentals. Online activity of any kind—gaming, social media, web browsing, and so on—has the potential to leave a digital footprint. With that in mind, it’s helpful to break down your own approach to data privacy into two phases:
Phase 1: Benchmarking, or an audit of all the internet-enabled services, sites, apps, and devices that the children are accessing today. What permissions, for instance, do their smartphone apps have? What are the privacy settings for their existing social media accounts? Finding this information can be challenging.
However, the website internetmatters.org is an excellent resource for specific information on the following (and much more):
- How to find and select privacy settings on smartphones and other devices, search engines, gaming consoles, networks and apps
- Where to view privacy policies and age requirements for a range of social platforms, including TikTok, Houseparty, Kik, Facebook, Monkey, Instagram and many others
- Where and how to report problems or privacy concerns on social media platforms
Looking at these resources with your children is a great starting point for the following step:
Phase 2: Ongoing safeguards, such as discussing best practices and establishing boundaries:
- What kind of information or photos are appropriate for sharing?
- What should they do if they see content that’s upsetting?
- How should they handle requests from strangers to connect on social media?
- How do you distinguish between truth and fiction in the digital world?
At this point, you, as a parent, might figure out that you can’t plug every data sieve all at once. This is when the strength of our data privacy laws come into play, as well as an internet security solution that can automatically block harmful content, log activity, and keep parents informed about potential data privacy blind spots.
With these protections in place, you’ll be well on your way to better protecting your children’s data.