Is your child ready to graduate from younger sites to the world of social media? Before they’re off and running, take a look at our parent’s guide to social media. It contains 5 tips to help your child have a positive experience online, while avoiding the pitfalls that can crop up. With thanks to the Family Online Safety Institute’s A Platform for Good for providing PlayWell, LLC with the forum for the discussion!
Ever since the Federal Trade Commission announced their amendments to the Children’s Online Privacy Protection Act (COPPA), the industry has been abuzz. The changes to COPPA resulted in some confusion, a few requests for more time to comply, a lot of media coverage, and in many cases, a significant amount of work to bring products into alignment. With all of that happening, it’s easy to lose sight of the fact that one of the main objectives of COPPA is simply to ensure that parents are in control of personal data that may be collected online from children under the age of 13. And for parents, it may be worth taking a look at what this is all about, and what COPPA does – and doesn’t do – to help protect your children.
What is COPPA all about?
COPPA actually went into effect in April 2000, but it was updated recently to take into account changes in online technology. The goal was and remains, to minimize the amount of personal information that websites and online services collect, use and disclose from children under the age of 13, and to ensure that parents authorize that before it happens.
Essentially, if a site or service doesn’t need certain personal data from a child in order to operate or provide a feature, the data can’t be collected. If data does need to be collected, the operator of the site or service needs to ask the child’s parent for permission first. There are some exceptions to that, but they are very limited, and the parent remains in charge.
The law is also very clear about the steps sites and services need to take to ensure that the person giving permission is the parent. In short, the more extensive the plan to use the data (for example, if the data might be posted publicly on a website), the higher the threshold is for ensuring that the person giving permission is the parent, and not the child.
What sort of information qualifies as personal?
The list is fairly comprehensive, and it includes anything that would allow us to identify the individual child. For example, a full name, email address, phone number, photo of the child or fine geolocation information would qualify, as would an IP address if it was used to track a child across the Internet to build a profile for marketing purposes.
Which sites and services must comply?
COPPA only applies to sites and online services that are directed to children or that are intended for a more general audience but that have sections specifically intended for children. So, if your child is on a site or online service that is meant for adults, with no area intended for children, the law doesn’t apply unless the operator of that site or service knows that a child is there.
What are the rights of parents under COPPA?
In addition to granting (or denying) permission for a child’s data to be collected, used or disclosed, parents also have the right to contact the operator of a site or service and ask to review what types of data the operator collects from children. Parents may also contact the operator of a site or online service and ask that their child’s personal data be deleted, and that no additional information be collected from their child. (Of course, it may be that doing so means that the child can no longer access certain features of the site, since data is only allowed to be collected when it’s needed.)
What doesn’t COPPA address?
COPPA is about data privacy and security, not physical safety or the appropriateness of the content. (While privacy is a subset of safety, it doesn’t cover it all.) COPPA is not going to keep your child safe on a site that isn’t meant for young users. So don’t allow your child to lie about their age to get onto a site that’s not meant for them. When we think about it, there are likely certain TV shows, movies and video games that you don’t allow your young child to access. Apply the same considerations to website and apps. They’re just entertainment or information on a different type of screen. And regardless of the screen, if the product isn’t meant for children, there’s likely a good reason why that’s the case.
Monitor your child’s media usage. Set rules about what content is and isn’t appropriate. Yes, there’s a lot to cover these days, but young children will appreciate the guidance and the boundaries, and you’ll be laying the foundation for good media habits as they get older. Also, take a look at the sites your children are on and the apps that they use. Be sure they’re intended for users your child’s age and that you’re comfortable with the content. And finally, have a conversation with your child about what information they should and shouldn’t share online, and then take some comfort in knowing that COPPA is supporting that too.
A recent Pew Internet Research study tells us that a whopping 81% of parents of children aged 12-17 are concerned about how much information advertisers can gather about their children online. 72% of parents are also concerned about how their children may be interacting with strangers on the Internet. The concerns are especially strong for parents of 12-13 year olds.
Yet despite all of this fear and worry, there’s no denying the incredible benefits that technology offers children, and there’s certainly no stopping the digital generation.
At PlayWell, one of my roles is to help companies build safe social networking sites and mobile apps for children and teens. I work with businesses to shape the technology, policies and practices needed to create robust products that are safe and appropriate for young users. But I believe that educating parents about technology is also a critical part of ensuring that children stay safe.
So, what do parents need to know to about their children’s privacy and safety?
First, let’s separate the conversations a bit. Privacy and safety are related, but they are not interchangeable terms.
In the industry, when we talk about privacy, we are usually referring to both the collection of personally identifiable information and non-personal (and usually “silent”) data collection. The collection of personally identifiable information through sites and apps that are intended for children under the age of 13 is regulated by law. So, for parents, on those sites, or in instances where a site operator knows that the user is under 13, companies are required to ask for your permission before collecting the data from your child.
As for non-personal data, it’s a bit more complicated. The biggest concern you’ll hear about in the news is behavioral targeting. Generally speaking, this is when data about your browsing and viewing habits are collected across time and across multiple sites in order to build a profile of you. This profile is then used to serve you ads that a company thinks will most interest you. The profiles are generally built based on algorithms and panel data from other users. It’s the “you” that a company extrapolates based on where you go and what you look at online.
When it comes to children, the industry has self-regulated to avoid behaviorally targeting children, and the Federal Trade Commission has now updated the Children’s Online Privacy Protection Act to make behavioral targeting of children under the age of 13 a violation. By law, companies are not allowed to behaviorally target children.
So, do you breathe easier? Yes and no. It doesn’t mean that data isn’t being collected, and you still have some homework to do.
Companies are required to post privacy policies telling you what data they are collecting – overtly or silently – about children, why they’re collecting it and what they’re doing with it. Parents, you need to read the privacy policies. Yes, they can be long, complicated and hard to understand. We’re working on that. In the meantime, give it a shot. If there are terms – cookies, pixels, beacons – that are unfamiliar, a web search should uncover the information you need to help to take the mystery out of the technology. Then you can decide if the site’s practices are aligned with what you will allow for your child.
As I mentioned above, safety is a different – but related – term. In the industry, when we talk about online safety and children, we’re primarily speaking about preventing crimes and other nefarious behaviors. There’s conflicting data about whether or not the rate of crime against children has increased with technology. Some research tells us that crimes that had once been facilitated offline have simply moved online, and that better investigative techniques have led to increased arrests, even if the actual rate of crime hasn’t changed.
Either way, I would argue that even one crime is too many. It’s incumbent upon the industry to keep safety top of mind when creating websites and mobile products that are meant for children or that might appeal to them. As for parents, teach your children early and often about Internet safety. Here’s where privacy enters the picture, as privacy mishaps can often be a gateway to safety issues.
Break it down for your children:
1) If you don’t know someone in the real world, you don’t know them online. They are not your friends. They are strangers.
- You teach your children about “stranger danger” in the real world – teach them the same concept for the digital world. And just as you know who your children’s friends are in real life, ask them who they’re friends with on the Internet. If your child has 200 friends on a social networking site but only knows 30 people in the real world, it’s likely time to make some adjustments.
2) Passwords are private, and are not to be shared.
- Businesses ask you to create passwords in order to provide you with control over your private data. Unfortunately, children are increasingly sharing passwords with their friends. This can expose your child’s social networking accounts to more strangers, increasing the safety risk. There can be a bit of peer pressure involved with sharing passwords, as it’s often done among young children as an indicator of friendship. Be sure to give them the tools they need to resist.
3) Be honest about your date of birth.
- Sites restrict young users by age in order to comply with privacy law and to help keep children safe. Allowing your children to lie about their age in order to access a site can open them up to safety risks. Those age gates are in place for very good reasons, and we can’t protect your children if they pretend to be older than they are.
4) If you see something on the Internet that makes you uncomfortable, say so.
- Be sure your children know that if they see something that doesn’t sit well with them, they should tell you. Also, learn where the report buttons are on the sites that your child visits. Figure out how to use them (there are usually parent guides or other tutorials posted) and show your children what to do if they need them.
There’s more, but those are some of the basics that will help you get started. There’s no need to scare children about the potential dangers of the Internet any more than you do about the dangers of playing outside. With good business practices and your help, we can put children on the path to smart and safe digital citizenship. Spend some time with them learning about the sites they visit and digging into the privacy policies, safety features and site practices to be sure you are both comfortable. Then enjoy and breathe a little easier.