The PRIVO Kid’s Privacy Manifesto
Today, on Data Privacy Day, online privacy experts in the US, Canada and Europe have geared up to educate consumers and businesses – over the course of a single day – about the importance of protecting the privacy of their personal information online. For most of us, this means wondering how much of our data the sites and apps we frequent are mining and hoping we haven’t posted any embarrassing photos on our timeline. For parents of children from toddler-age to teens, however, this means constant vigilance in making sure kids aren’t sharing personal information that will endanger their identities; whether it’s in the online world or the offline world, for parents, the reality is every day needs to be child data privacy day.
The first step is to demand that reputable online sites, services, and apps serving kids and families go beyond what US privacy laws like the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA) requires. In working to support the White House’s National Strategy for Trusted Identity in Cyberspace initiative, PRIVO has developed the Kid’s Privacy Manifesto, a set of online privacy best practices that parents should demand from online service providers.
Online service providers MUST:
- Protect kid’s online identities as if they were protecting their own kids’ online identities
Kids are especially vulnerable: their identities are not to be exposed, their information is not to be sold or traded, and their photos, voices, and writing must not be made available without a parent’s fully informed consent.
- Collect and share no more information than they need to provide a service
How much information is enough? Usually it’s a non-personal display name and an email address for password reset, but maybe a bit more if it’s an interactive service. Under no circumstances, however, should kids be tracked as they surf the Web.
- Provide parents with a clear and easy-to-understand explanation of all their privacy practices
Parents are the last line of defense for a kid, and we need to do all we can to make them successful. That means privacy policies and parental consent mechanisms that are in plain language that’s both easy to understand and completely comprehensive.
- Exceed what’s expected of them from bare compliance with the law
COPPA may be the strongest online child privacy law anywhere on the global Internet, but online service providers can do better. No matter how little information is being collected, parents should be given notice as to the site’s practices, the ability to consent to those practices, and the ability to opt-out of those practices when they change. In addition, verifying parental identity when getting that consent should consist of more than just a return email.
- Support solid online safety education for all kids
Good online safety curriculum teaches kids which pieces of information are important to keep private, how to understand the difference between trusted and untrusted sites like blogs, knowing the importance of creating strong passwords and keeping them private, learning what social media is and how to use it responsibly, the implications of sharing selfies with others, and how to handle cyberbullies without becoming a cyberbully themselves.
While there are many dangers our kids face every day on the Internet, we owe it to them to take the right steps to proactively protect them and make their online experience as enjoyable – and safe – as possible.