Current data protection laws by themselves are not enough. Here’s what every parent needs to know to help keep their kids’ identity safe online.
Most parents today were able to grow up without a digital record of their childhood. Their children, however, will not. Kids today, and of the future, will be tied to their online identities. According to Wired, 81% of kids in the world and 92% of kids in the US have a presence online before they turn 2 years old. And 95% of US teens have access to a smartphone.
GDPR, COPPA, and CRPA are not enough
Privacy laws such as Europe’s General Data Protection Regulation (GDPR), the United States Federal Children’s Online Privacy Protection Act of 1998 (COPPA), and California’s recently passed Privacy Rights Act (CPRA) have helped move the data protection needle forward. But the truth is we don’t know what ramifications data collection will have on future generations and current laws to protect children currently lag desperately behind today’s technologies. Parents must still do most of the job of protecting their kids’ online privacy - reputational and consumer privacy - themselves.
What do the main child privacy laws say?
Here’s a recap on what these main privacy laws means for kids:
COPPA “imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.”
GDPR “applies to both children and adults alike and includes certain child-specific clauses that aim to protect the data of children. Children merit additional protections because they are less likely to be familiar with the risks, consequences and safeguards regarding their personal and public data. The GDPR has a non-standardized definition of a child, with the default age set to those 16 years old and below. Member States are permitted to lower the age cap to define children in the GDPR, but to no younger than 13 years old. This is an option nearly half the Member States have exercised.”
CPRA “determined that companies collecting personally identifiable information of consumers are required to clearly and transparently inform them when they employ automated decision-making technology. The CPRA beefs up punishments for breaches involving children’s data. Any administrative fines are three times as much for kids’ PII. Additionally, the law also will affect how consent is managed and obtained by regulated companies, allowing parents to have more control over the personal information of their children.”
10 Child Data Privacy Tips
Despite the progress being made by each of these laws, there are still variations by state and by country. Also, some parents are the first to overlook the laws to grant consent to their children to access many online tools before the age of 13. In such a fluid and hodge-podge environment, it can help to have some universal guidelines. Here are our top 10 data privacy tips for parents to share with their children and implement immediately:
- Keep applications and operating systems up-to-date. When developers release updates, hackers can determine how to break into systems that have not been updated.
- Think before you act. Anything that asks you to do something immediately is suspicious. Stop what you are doing. Research it online. Ask an adult to help you investigate.
- Ask permission before you post. Ask a person for permission to post a photo of a friend or stranger online. It’s a matter of respect, and in many cases it is the law.
- Never share personal information online. Your full name, birth date, phone number, location can be used for data theft. Never share this information about yourself, or about a friend, with anyone.
- Stay ‘two-steps’ ahead. Activate two-step authentication or multi-factor authentication to prevent unauthorized access to your account.
- Think about how what you post now might affect you in the future. What seems funny or cool now, could be harming to your future career. Remind kids that what they share online stays online for a lifetime.
- Limit whom you share information with. Set privacy and security settings online. Turn off location sharing. Be mindful of what you are sharing, do you really need to share it with the world? Remember your attention is the equivalent to money. In fact, according to The Economist, “The world’s most valuable resource is no longer oil, but data.” So, be careful how you spend it. Not sure where to adjust your privacy settings? The National Cyber Security Alliance has provided direct links to some of the most popular online services. And remember, it’s not just smartphones, tablets and laptops that you need to look out for. Devices like smart watches are increasingly under scrutiny for being a ‘security nightmare’.
- Only visit secure websites. Make sure the url of the site you are visiting or shopping has an https:// url (not http://). We recommend parents set up HTTPS Everywhere, a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
- Never ‘remember me’ on public computers. And make sure to delete your cookies and browser history.
- Beware of loopholes. Despite age gates, kids can get around the age 13 restrictions rather easily. For example, Instagram is under scrutiny in Europe for leaking data of children who changed their regular Instagram accounts to Business accounts which are not protected. Also, parents who have children using tools like Google Classroom should also be careful that their child is using a school provided gmail account, because their child’s data may not be protected if they are using a public Google account.
- How to Protect Our Kids' Data and Privacy (Wired)
- What is GDPR, the EU's new data protection law? (GDPR.eu)
- Art. 8 GDPR – Conditions applicable to child's consent in relation to information society services | General Data Protection Regulation (Intersoft Consulting)
- Children's Online Privacy Protection Rule ("COPPA") (FTC)
- Council Post: Looking Ahead To Data Privacy In 2021 (Forbes)
- International Data Privacy Day 2021 (Information Security Office)
- What Your Web Browser's Incognito Mode Really Does (Consumer Reports)
- Children's data privacy: What's a parent to do? (ZDnet)
- Child Data-Privacy Laws Aren't Protecting Kids (The Atlantic)
- Instagram's handling of kids' data is now being probed in the EU (TechCrunch)
- Britain Plans Vast Privacy Protections for Children (The New York Times)
- Kids' Smartwatches Are a Security Nightmare Despite Years of Warnings (Wired)
- Regulating the internet giants - The world's most valuable resource is no longer oil, but data | Leaders (The Economist)
- Children's Rights and the GDPR Blog CyberLex (Lexology)
- The California Privacy Rights Act (“CPRA”): How to Make Sense of CCPA 2.0 (Osano)
- Manage Your Privacy Settings - Stay Safe Online (National Cyber Security Alliance)
- HTTPS Everywhere (EFF - Electronic Frontier Foundation)
- How to Clear your Cookies in Chrome, Firefox, Edge, Safari or Opera (Comparitech)