When Kalinda Raina’s 5-year-old started kindergarten last year, she didn’t know how to use her iPad to join a class, submit assignments, take a selfie or show herself on a video call. But she learned all that within the first few weeks of school.
Products and services marketed to children and teens have grown drastically in recent years, but the COVID-19 pandemic increased kids’ digital activities at what seemed like lightning speed. Classes, doctor’s appointments, social interactions, even extracurricular activities like piano lessons, all moved online.
Legislators are paying attention, closely examining the impact of digital platforms on kids, and proposing updates to the U.S. Children’s Online Privacy Protection Act as well as several pieces of separate legislation to enhance children’s privacy protections online. Momentum is also building toward a comprehensive federal privacy law.
It’s created what Common Sense Media Senior Counsel, Global Policy Ariel Fox Johnson, CIPP/US, said is a “moment like no other in the last 10 to 20 years.”
“There’s such a groundswell of outrage about what’s happening to kids and teenagers online,” Johnson said. “It seems like there is a lot more bipartisan consensus that this just can’t be left up to companies to decide what’s best, there need to be some rules, and that we need to move beyond notice and consent which has historically been the underpinnings of many U.S. privacy laws, including COPPA.”
Raina, CIPP/US, LinkedIn’s VP, Head of Global Privacy, has three children, is writing a book to help those in the privacy community better understand children’s protections globally, and has launched a YouTube series titled “Raising the Digital Future.” She’s concerned today’s children are a “generation being raised without protection.”
“I am very concerned about where we are headed for our children’s privacy, for their future,” she said.
Global ‘explosion of interest’
The Future of Privacy Forum’s VP, Youth and Education Privacy Amelia Vance said there has been a global “explosion of interest” in children’s privacy recently. Developments include the Irish Data Protection Commission's draft “Fundamentals for a Child-Oriented Approach to Data Processing” and the French data protection authority's eight recommendations to increase children’s data protection. The Netherlands’ DPA, Autoriteit Persoonsgegevens, fined TikTok 750,000 euros over children’s privacy violations, while the Irish DPC opened an investigation into how the platform handles children’s data.
What Vance called a “land shift” in change around children’s privacy grew dramatically with the rise of the U.K.’s Age Appropriate Design Code, known as the Children’s Code, which went into effect Sept. 2. The code outlines 15 standards online services should follow to protect children’s privacy and states that children’s best interests should be a primary consideration in designing and developing online services.
“It’s sort of this new approach in a way to regulating the whole internet because it’s really based on the premise that kids shouldn’t have to lie to use websites but should receive protections even when those websites are built for general audiences,” Vance said.
It’s a different approach than the consent-based framework of COPPA, the children’s privacy law in the U.S., which offers protections for children under the age of 13. In effect since 1998, Vance said COPPA is “sort of immersed in the beginning of the internet and we are constantly revisiting it,” adding there are concerns that technology has outpaced the law.
“You have a desire among most people for COPPA to change and ... Congress or states (are) looking across the ocean and saying this is a really interesting idea and it’s based in this concept of not restricting kids’ access to the internet, but making it safe for them,” Vance said of the Children’s Code.
When COPPA was passed, Johnson said the regulation was “really all about putting parents back in the driver’s seat” and helping them be “the gatekeeper” of their children’s online activities. The Children’s Code, she said, is rooted in the notion of protecting children’s best interests online.
“They are thinking more about how do we empower and also protect the child and less about how do we make sure parents have a say in what’s going on,” Johnson said.
U.S. Reps. Lori Trahan, D-Mass., and Kathy Castor, D-Fla., along with Sen. Ed Markey, D-Mass., have sent letters to 12 international gaming companies, as well as large tech companies, encouraging them to extend privacy protections afforded under the Children’s Code to children in the U.S. They also called on the U.S. Federal Trade Commission to ensure Big Tech companies extend rights to minors in compliance with the U.K. code.
Tech companies including Instagram, Facebook, TikTok, YouTube and Snap have announced additional privacy features for young users to comply with the code.
And legislative proposals in the U.S. include elements of the U.K. code. Johnson said the Protecting the Information of our Vulnerable Children and Youth Act, re-introduced by Castor, most parallels the Children’s Code. It would add protections for minors ages 13 to 17, coverage of sites likely to be accessed by children and teens, and calls for their bests interests to be a primary design consideration.
The balance of protecting kids online
Creating effective protections for children online is “a lot more difficult than legislators think it is,” Vance said.
“It really is about balancing the positive aspects of the internet, which I think Europe is doing much better than us. There is a lot more balancing of the positives and negatives in the EU and in the Age Appropriate Design Code than there necessarily are in some of our proposals, which are much more restrictive, much more subject to parental consent, which can be an onerous process,” she said. “It’s what, in many ways, has led kids to lie. So, if we lean in on processes that require more consent versus laws that build a stronger ground-up level of protections for kids, which is what is really coming to the forefront with the EU laws, then we may continue to have trouble.”
Johnson said companies should be “forced to think about the best interest of kids and not put their profits and bottom line above that,” adding she believes legislators are on the right track. She also noted a comprehensive privacy law would help to protect children online.
“Part of how COPPA doesn’t protect kids is because services think it doesn’t apply to them. If everyone had a privacy law, there would be less incentive to skirt around COPPA because you would have to provide privacy protections to everyone,” she said. “We want privacy for adults and also for kids and we think having rules for adults would help kids and teens too.”
Raina wants to see companies incorporate children’s privacy protections into product designs.
“That’s the only way we are going to solve this is if companies have guidelines they follow and find value in following those guidelines,” she said. “Often in the U.S. we are very specific as to exactly what needs to be done. We come up with concepts like consent. Whereas under the European model, you take it on yourself to design and think about products in a way that is more protective. I think that’s what we need to do more of.”
It’s incumbent upon privacy professionals, she said, to encourage their organizations to think about protections and how to design products specifically for children versus adults, even though they may not yet be required to do so by law.
“Do we design products that are just for kids, or do we design products that are more encompassing of privacy issues in general to help give kids those protections, and what are the protections kids need that are different from adults,” Raina asked. “In my mind, what kids need that is different is the space to still explore their identities and not have that identity become defining for them as they grow into adulthood. How do we give them the space to do that? How do we give them better control? How do we give them the ability to explore who they want to be without being stuck with something that may not be comfortable to them when they are in their 20s or 30s?”
Photo by Ben Wicks on Unsplash