Lawmakers’ interest in children’s online privacy is not new. However, in light of recent changes in Internet use and the impact that the COVID-19 pandemic has had on children’s lives, there are concerns that the existing provisions of the Children’s Online Privacy Protection Act (COPPA) may not be enough. On May 11, Senators Edward J. Markey and Bill Cassidy proposed a bipartisan bill to update online privacy laws in a way that reflects the new realities of the pandemic and the growing use of technology by children and teens.
The two lawmakers argued that, due to the pandemic and schools being closed, children have been spending considerably more time online, but their online privacy may be threatened by the interests of Big Tech companies. Unfortunately, private companies do not differentiate between children and adults – for them, every user is an opportunity for monetization, so they don’t hesitate to track the activities of young people online.
The same concerns have been voiced by numerous parent groups. For example, one study found that 76% of parents are worried about their kids’ privacy when using the Internet, and 67% fear that they are exposed to inappropriate content while distance learning. Unfortunately, many feel powerless against big companies and don’t know how exactly to protect their children. Since so many young students need the Web for school, telling them to stop going online is not an option.
One of the main provisions of the bill is to extend the privacy laws to teenagers, whose data can currently be tracked without their parents’ consent. According to one survey, this decision is backed by 90% of parents, who fear that their teenagers’ data is being unethically tracked.
Other points mentioned in the bill include:
- Businesses should not be able to track the data of teens aged 13-15
- Brands should not create targeted ads for children
- Companies’ rights to collect the personal data of underage users should be limited
- Teens and parents should have an eraser button that removes brands’ access to their personal information
- The Federal Trade Commission should have a Youth Marketing and Privacy Division
- Online companies that collect children’s data should disclose what kind of information they track and how it is being used
Lawmakers point out that children and teenagers cannot make a distinction between online entertainment and sponsored content, which is why exposing them to targeted ads is a form of exploitation. Although it’s up to parents to explain to their children what they should click on and what not, children use the Internet so much these days that it’s almost impossible to keep them fully protected. Therefore, it should be up to lawmakers to ensure that companies cannot use their personal data for commercial interest.
The bill was received with enthusiasm by parents and came at a time when privacy concerns were at an all-time high. For example, many complained about Facebook’s policies, which currently allow companies to advertise drugs, alcohol, diet pills, and gambling, to users aged 13-17. What was even more scandalous is that the prices for displaying such ads to thousands of children started as low as $3. Facebook’s official terms of service state that these kinds of ads cannot be displayed to users under the age of 18. However, there is a loophole, and brands didn’t hesitate to use it: advertisers can target people under 18 if they determine that they have an interest in alcohol, weight loss, or gambling.
Is the data collected by schools safe?
The data collected by advertisers when children use the Web for fun is one thing – but what about the data that’s collected by schools? Unfortunately, things can get quite murky.
Because of the COVID-19 pandemic, millions of US families have had to adapt to distance learning. According to the US Census Bureau, 93% of households have reported some sort of distance learning. Most schools switched to online classes, but the transition has been rushed, and, in the same way that many businesses have been made vulnerable, schools have encountered similar issues.
A TechRobot analysis revealed that the COVID-19 pandemic has encouraged privacy-invasive technologies in schools. Although schools themselves do not treat data in the same way as advertisers do, they have to share it with the authorities. From there, the data is circulated in their internal systems and may eventually find its way into the hands of third parties. The intentions of those third parties might not necessarily be unethical but, if they do not have the right digital security infrastructure in place, there’s a chance that student data could be accessed by hackers and used for all the wrong reasons. For the first time ever, we are dealing with a huge amount of data collected by schools, and we cannot afford to ignore the possibility of that data being accessed by cybercriminals.
This is something that the proposed bill aims to address. In the bill (whose full copy can be found here), lawmakers suggest that Internet-connected devices targeted towards children should meet the highest cybersecurity standards. The measures may not be enough, however. At present, many schools do not allow parents to opt out of data sharing and even take action against them.
What can parents do to protect their children’s data?
Until the proposed bill comes into effect and until schools have more flexible online security policies, it falls onto parents to make sure that their children grow up following good cybersecurity practices and take preventive measures against cybercrime.
These measures may include:
- Using a VPN to prevent third parties from tracking personal data and antivirus software to prevent malware infections.
- Using parental control to ensure that children and teenagers do not use their devices to access inappropriate content. At the same time, parental controls can reduce cyberbullying.
- Talking to the school board about the security systems used and the data they share with third parties. If you are uncomfortable sharing this data, do not hesitate to opt out.
Even as schools reopen, distance learning may remain an option, so talking to your child about cybercity and teaching them the best practices is an investment for the long term.