By a Biometrica staffer
It would not come as any surprise to say that the Covid-19 pandemic pushed most of the world online, particularly children, as schools went virtual under lockdowns and restrictions. This increased children’s use of the internet, and has prompted a renewed wave of concern over the safety of kids online.
One topic that has received attention recently is the governance and protection of children’s data online. Earlier this year, in May, the UN convened a panel of 17 experts from around the world, with the aim of developing a 10-point framework for governing the data of children that will a) maximize the benefits of technology for children and b) protect children who are not able to consent or control their own data.
The manifesto calls for, among other things, minimizing the use of surveillance and algorithms to track children and create digital profiles for them; keeping in mind that each child and their context is different and will call for flexible approaches; placing the burden of protecting children’s data on companies and the government, not on parents and children alone; extending the age of protection up to 18; providing sufficient resources to the community and all stakeholders so they can understand and implement the new policies well; investing more in research so that knowledge gaps can be filled and so that all regulations are based on a solid bedrock of evidence.
There are many who would say that the law has struggled to keep pace with the rapid advancement of technologies, which seem to grow and evolve on a daily basis. In the U.S., laws governing the protection of children’s data is somewhat of a patchwork quilt, but falls mostly into the hands of the Federal Trade Commission (FTC), thanks to the Children’s Online Privacy Protection Act of 1998 (COPPA).
In today’s piece, we take a look at why it is so crucial that governments and companies act fast to establish a better framework for governing children’s data privacy online.
The Case For Protecting Children’s Data
It is hard to ignore the pressing need for stakeholders from governments to parents to better regulate and confront how a child’s data is being accessed, stored, and used.
According to some estimates, around 92% of American children have an online presence of some sort before the age of two. Parents are likely to share ultrasound photos and/or the child’s gender before they are born, and then may even share photos on a monthly basis, believing that they are innocuously documenting their child’s growth and development. A study from around a decade ago found that eight in 10 babies had an online presence, as did more than nine in ten two-year-olds.
Many children say that by the age of 10, they are allowed to or do browse the internet without their parents’ permission or knowledge. When it comes to teens, 95% report having access to a smartphone, and just under half of those say they are online for an average of nine hours a day. In addition to this, classrooms are increasingly becoming tech-centered, representing another possible point for data collection. In addition to children themselves sharing data, some researchers say that parents post an average of around 1,300 photos and videos of their children online by the time the child turns 13.
The dangers of a child having unrestricted and free access to the internet are manifold. Risks can range from localized problems like bullying and body image issues, all the way to a child being exposed to inappropriate material like pornography at a young age or being groomed and trafficked.
Children can have their pictures manipulated for horrific purposes, or can be subjected to humiliation, bullying, and even discrimination in the future. It may also affect their cognitive ability to understand and navigate the intricacies of autonomy and consent as they grow older.
According to observers, when they are young, children have no control over their online personas, nor do they really even understand the pitfalls and careful negotiations that must be considered before sharing personal information online. They do not understand what it means to give consent, experts say, and many parents do not even consider whether a child (now or in the future) wants information about their lives up for the world to see.
Identity theft is another cause for concern. One report by Barclays estimated that by 2030, parents sharing information about their children online (popularly known as “sharenting”) will account for two-thirds of all identity fraud in the UK. Minors prove an attractive target for this type of fraud, as there is little credit history associated with their data, and any identity theft may not even be uncovered until the child attempts to open a bank account.
Updated a decade ago, COPPA mandates websites to get explicit permission from parents before tracking the personal data of a child younger than 13. It also does a little to direct how online companies can market their products to children. When parents do consent, companies are allowed to store, collect, share, and use children’s information as they please.
The FTC has been successful in bringing charges against multiple companies under COPPA. Just last year, it was revealed the teen-sensation video app TikTok was once again being investigated by the Department of Justice and the FTC for violating COPPA. In 2019, the company had reached an agreement with the U.S. government to pay $5.7 million in civil penalties for collecting the first and last names, phone numbers, email addresses, and pictures of children under 13.
Similarly, also in 2019, YouTube paid a $170 million fine for violating COPPA by collecting information on children who watched the extremely popular toys and children’s content on its platform.
Even a seemingly innocuous coloring mobile app and digital coloring book has come under fire for violating COPPA by allowing children under 13 to use the app as a social media platform for communication. They were handed a civil penalty of $3 million.
The problem, some say, is that technology has evolved beyond just the basic worldwide web since 1998. Today, there are smartphones available, and new social media apps seem to proliferate at an astonishing rate. There are some who say that COPPA is no longer sufficient to protect children, and may actually even be counterproductive. Often, sites may have truly helpful and informative content for children, but will prohibit kids from accessing it due to fears over violating COPPA and being slapped with a heavy fine.
These deficiencies in the existing law have not gone unnoticed. In May, Senator Edward Markey, the original House author of COPPA, introduced into the U.S. Senate the Children and Teens’ Online Privacy Protection Act, aiming to update COPPA. The bill aims to protect children more widely by raising the age requirement for parental consent to 15.
Just days ago, Representative Kathy Castor reintroduced a bill she had submitted last year — the Protecting the Information of our Vulnerable Children and Youth Act (PRIVCY Act). Her House version raises the age of parental consent to 18 and will require all sites used by children and teens to comply with these regulations. It would also ban targeted advertising for teens and kids, and would ask teenagers for their permission before collecting their data. Rep. Castor also hopes that under the expanded law, the FTC will be able to pursue punitive damages against those found to be violating it.
It appears that there are many who believe COPPA still leaves much to be desired and that it needs to be updated for the rapidly shifting technology dynamics of the twenty-first century.
“In 2019, children and adolescents’ every move is monitored online, and even the youngest are bombarded with advertising when they go online to do their homework, talk to friends, and play games,” Sen. Markey said in introducing his bill, adding, “In the 21st century, we need to pass […] legislation that puts children’s well-being at the top of Congress’s priority list. If we can agree on anything, it should be that children deserve strong and effective protections online.”