PRIVO makes the case for allowing kids their own online identity in the drive towards protecting children online.
Today’s children, tweens and teens have no boundaries between the real world and the online world. Connected devices, social platforms, apps and sites, not to mention Artificial Intelligence, are deeply integrated into their world. The online world develops at such a pace that regulations protecting children online cannot keep up with the innovation; and the tech giants then claim innovation is stifled by regulation. Where does that leave our children’s privacy and safety? Children are educated from a young age not to talk to strangers or share personal information such as their address or phone number, yet millions of children are online every day doing just that. They are also subjected to online bullying, hate and exposure to content that is damaging to their well-being and inappropriate for their age.
The US Children’s Online Privacy Protection Act (COPPA) has been in force for 20 years. Its focus was originally to protect children’s privacy from exploitation by marketeers. Unfortunately, many companies did not want the headache of handling verifiable parental consent mandated under COPPA when children share personal information and thought blocking children aged 12 and under would do the trick. Research over the past 10 years consistently shows children flocking to these platforms and creating their own accounts and digital footprints, circumventing age gates that are frankly ineffective.
In many instances parents are aware that their children are on the social media platforms but instead of educating them as to why they shouldn’t be or enforcing steps to ensure the platforms are protecting children online and offering them a privacy and safety enhanced experience, parenting blogs and online safety organisations are publishing guides on how to support children in these environments. Many parents are unaware that their child is being tracked, that profiles are being built and shared by big business and other organisations and that this will impact them for the rest of their lives.
Offline v online
Platforms such as Facebook and Google often serve as an online identity. Children have lied about their age to access these platforms. This means the child now has a ‘fake ID’ allowing them access to other age restricted products without a bouncer at the door verifying who they really are. The implications of this are far reaching and potentially hugely impactful on their wellbeing and future.
It is vital to compare the way we treat children offline with privacy and safety standards and accountability online, as the child makes no divisions in their world. Protecting children online by building secure identities that a child can carry through the ecosystem and into adulthood is not only nice to have, it is necessary. As a parent, would you feel comfortable dropping off your 11-year-old child to a school dance without any chaperones? Would it be acceptable for a child to hand out selfie photos of themselves with their address on the back in a public place to strangers? Is it ok for a child to show a fake ID to buy a porn magazine? Do we want our children hanging out in a bar with adult strangers for karaoke night? The big wide world, with all its wonder and all its harms, is carried into the safe space of home on their devices and in the services they can access, even with a parent sitting beside them.
Is regulation the answer?
The EU’s more recent General Data Protection Regulation (GDPR) aims to give data subjects control of their personal data including children. The Right to Erasure clause alone is highly significant. However, privacy and safety go hand in hand and there is an urgent need not just to recognise this but to take steps in terms of regulation, education and privacy initiatives.
PRIVO welcomes the UK’s Information Commissioner’s Age Appropriate Design Code which should come into force later this year. The code will ensure privacy by design and default. The recently published Online Harms White Paper is also welcome but long overdue. It proposes the establishment of a Duty of Care Law, to be overseen by an independent regulator. Companies will be accountable for tackling online harms.
These harms go beyond illegal activity and extend to behaviour and content that is harmful. There is still much work to be done but it is a step in the right direction and could ultimately change the way social platforms can operate.
At the same time, there are proposals to amend COPPA. These amendments should ensure that social media platforms can no longer turn a blind eye to actual knowledge that children 12 and under are sharing their personal information publicly: children do need rights to preserve their privacy and it is vital to find ways to tackle safety issues. Legislation protecting children online must go hand in hand with education; only then will we start to see the tide turn. A Children’s Bill of Rights which encompasses teenagers, coupled with robust regulation and enforcement alongside an education programme, would be a good starting point.
Kids need their own online identity
Children need to own their online identity from the cradle to the grave, allowing for proper age verification online. Not only do they need control over their personal data as do their parents, they should also be afforded safety measures and protection from harm just as they are in the offline world. Building a healthy online identity ecosystem will support privacy and allow children to engage and develop in a safer environment. Children need their own privacy enhanced single sign on (SSO), with ability to obtain parental consent where required, manage preferences and have privacy settings defaulted to high. Currently, standard login and signup options include Facebook and Google, both with age limits.
An SSO has to be developed by a neutral third party and not by one of the commercial entities which currently collect and exploit personal data to worrying degrees. The SSO should grow with the child through their teens and beyond in adulthood. Information Society Services also need to take responsibility for verifying the age of their users if the content is strictly for adults; and if there are risks to privacy or potential exposure to harms, they should ensure that measures to screen for age or identify age are robust. This poses challenges where ages of consent differ between Member States, but these can be overcome and there is existing technology available to achieve these goals.
Protecting children online with the PRIVO iD
As a privacy first company, helping companies be compliant with COPPA, GDPR and student digital privacy laws, PRIVO is now leading the way with a privacy enhanced SSO for kids to help them engage and transact online more safely, with the added benefit of streamlining parental consent when needed. In addition, PRIVO is developing an age appropriate device registration technology which puts age restricted products and services on notice if they are dealing with a minor and need to block them, helping advance a robust privacy preserving global digital ecosystem.
Children are curious by nature and will always want to try the forbidden and test the boundaries – it is part of growing up. It is therefore the job of industry, parents, regulators and educators to give them the tools and protections to allow them to engage online in a meaningful way, instead of enabling them to lie about their age or blocking them entirely. Children are always online, there is no off switch in their world so turning a blind eye on protecting children online is not the answer.
Denise G Tayloe
+1 703 932 4979
+1 786 655 3707