Children’s online privacy and consent at internet scale

children's online privacy

PRIVO outlines the way to protect children’s online privacy and support safety with its consent management platform.

As more and more children are entering the online world and owning their own devices at ages earlier than ever before, strong concerns about allowing businesses access to children’s data is rising. Online users under the age of thirteen (U13) have become one of the fastest growing digital audiences around the world. TV viewing is down and these U13s are consuming and interacting with media online, becoming content creators that publish their photos, videos and thoughts, putting themselves and their privacy at risk. The regulations that have been put into place to protect these children’s online privacy have had their own chilling effects on the ways industry giants and those learning from them choose to handle these young visitors and users of their products and services.

Children’s online privacy is a key issue. Industry, parents and children need to understand how to protect their information from a safety perspective and from exploitation. The big tech giants spend time and energy understanding not only our shopping habits, but our psychological state and our moods. Carbon footprints left behind as a child and careless social media profiles impact our futures, not least when it comes to applying for university, jobs, insurance policies and references. The issue is much deeper than meets the eye.

Children’s Online Privacy Protection Act

The US Congress tried to address this important issue when the Children’s Online Privacy Protection Act (COPPA) was enacted in 1998, and then again when the Federal Trade Commission (FTC) – the enforcer of COPPA – revised and strengthened it in 2013. Despite the law and its subsequent tweaks, concerns still exist because of COPPA’s way of handling different levels of parental consent, making it burdensome for companies and parents. As a result, many clicks-and-mortar businesses avoid dealing with kids online altogether missing out on a revenue stream and a chance to build their brands by turning their back on an important market segment: children and their parents.

General Data Protection Regulation

Fast forward to May 25, 2018 when the EU’s General Data Protection Regulation (GDPR) came into force, putting EU citizens in control of their personal data. Under the GDPR, children under 16 merit specific protection, which includes adopting measures to verify a child’s age and managing meaningful and informed consent. The GDPR has set the age of consent at 16, meaning users 15 years and younger need parent consent where applicable. However, Member States can adopt a younger age of consent as low as 13. Developers will need to prove that consent is valid, that it is informed and granular and that they have methods in place to allow parents to exercise their rights in relation to children’s online privacy. Understanding the lawful basis for processing personal data of a child is key.

Lessons learned from COPPA

The United States regulation, COPPA (Children’s Online Privacy Protection Act), was designed by lawmakers to introduce parents into the decision-making process and put them in control of the information collected online from their children.

The intent of the law was to give parents the final say regarding the collection, use and disclosure of their children’s personal information when engaging with online services, which includes mobile apps and connected toys.

Since its inception, COPPA has created headaches for online content providers seeking to breach children’s online privacy for marketing and other purposes, as well as for parents who are obliged to verify themselves and provide consent each time a child engages with the digital service. This has led to children lying about their age which in turn hinders data integrity and accuracy. In fact, many parents encourage their child to “age up” in order to avoid burdensome verification processes.

Digital services are either turning away U13 children and missing an opportunity or have actual knowledge that children U13 have gamed the registration and are using the service which creates risk to children’s online privacy. When children “age up” both they and the businesses are in a vulnerable position. Children are likely to see inappropriate or aggressive ads, access to adult content, chat rooms and communities that have no monitoring practices or protections.

PRIVO, the operator of a global kids’ privacy assured programme which includes an FTC approved COPPA Safe Harbor and a GDPRkids™ solution, took action to address these issues by developing a privacy enhanced identity and consent platform based on a trust model, the Minors Trust Framework (MTF). The MTF was developed under a White House initiative aimed at finding a better way to protect and enable consumers to manage their online identity.

Protecting children’s online privacy is a key issue for industry, parents and children. PRIVO provides a privacy enhancing single login credential to manage consent across numerous websites and apps. Before consent is obtained the parent and child is provided with transparent information on data collection and processing and the opportunity for the parent to consent at a granular level.

PRIVO only has to verify the parent-child relationship once removing the burden from businesses and families and streamlining the process. This has a measurable and positive impact on how identity is addressed for a new generation of digital natives. It also means that online content and service providers no longer need to fear COPPA or the GDPR with regard to protecting children’s online privacy. Instead they are able to embrace the regulations while increasing lifetime value and engagement and remain compliant.

Waking up to privacy

Today there is increased scrutiny as to how tech companies are misusing and abusing consumer data and violating privacy. The GDPR’s data breach notification requirements bring issues into sharp relief. In recent years, the number of high profile attacks against both commercial and government entities has grown; and consequently raised awareness creating a heightened sense of urgency for more robust cybersecurity and data privacy.

The lack of credibility of the largest providers of federated identities highlights the market opportunity for a neutral identity provider, with focus on children’s online privacy and security.

PRIVO is a leader in identity and consent management for children and their parents

PRIVO’s identity and consent management platform includes a parent dashboard that meets the requirements for transparent and granular consent and puts the parent and child in control of their personal data and how it is processed. As the data and consent manager, PRIVO does not benefit from the tracking or selling of children’s personal data, but rather operates a privacy compliant switch board; providing a standard for how companies provide privacy notices and obtain parental consent when needed under the GDPR, COPPA and other emerging children’s online privacy legislation worldwide.

Expect better outcomes when children are not marginalised online and they can be truthful about their age and receive the correct protections.

Call to action

Fostering a privacy preserving digital ecosystem which encourages organisations to safely and responsibly engage with children and families is paramount not just for legal compliance, but for building a strong brand. The European Data Protection body should finalise the criteria for certification programmes which are a mechanism to demonstrate compliance and demonstrate brand integrity. US regulators, both federal and state, have recognised COPPA safe harbour programmes. To date details of accreditation programmes for GDPR are still being debated. PRIVO urges that such certifications be recognised across the EU and not on a state by state basis. Approval from the data protection authorities of each individual Member State would not only prove costly but would hinder business. Consumers deserve to rely on accredited trust marks to protect children’s online privacy when visiting online sites, apps and using connected devices.

A standardised consent process for holders of parental responsibility should be adopted to ensure a level playing field both for the children and parents and for the industry. This would support the free flow of authorised data across borders. Streamlining process is vital for success.

Let’s face it, children lie about their age online

Patterns will be patterns and we know children try to age up. Children in the age range of 10 to 12 will more times than not attempt to age up when presented with an age gate. Industry only needs to look to the thousands of accounts closed on Facebook weekly when the platform has actual knowledge the user has played the registration or come across the inappropriate images of 10 to 16 year olds on Instagram. Research also shows children between the ages of 8 and 11 say Snapchat is their favourite platform, even though Snapchat would claim its users have been properly screened and that children U13 are not on the platform. These are just some examples.

This age group is sophisticated in its use of technology but lacks the maturity to deal with the emotional impact, safety and privacy issues they face online. The ecosystem where kids and others interact has critical developmental needs which include online education, guidance, safety and children’s online privacy settings they can control. Unfortunately, traditional age gates don’t always do the trick.

Teaching new habits

We teach our children how to wait for the green light before crossing the street, not to speak to strangers, not to hand out their address and phone number and how to look both ways before crossing. Well, there are some very similar rules we need to teach to our children before they take the first click on the internet to safeguard children’s online privacy and identity.

We need to teach our children they are in control of their privacy and their well-being on the internet depends upon how they follow the rules and use common sense. Just like in the real world, we wouldn’t want kids going to hang out in a bar and getting in with a fake ID. What makes the internet any different? We shouldn’t have to make our children age up to sign up for accounts online. We need to encourage children to engage on sites, apps and games for their age group. There are plenty of alternatives to Facebook and other social networks that are set up for adults.

Denise G Tayloe

Co-Founder & Chief

Executive Officer

PRIVO

+1 571 297 1798

dtayloe@privo.com

https://www.privo.com/

LEAVE A REPLY

Please enter your comment!
Please enter your name here