Children’s data privacy: What’s a parent to do?

Cybercriminals can sell children’s data on the dark web, where buyers use it for tax fraud or creating fake identities for identity theft.

Selling children's data: The latest dark-web trend

Happy International Data Privacy Day! What kinds of conversations do you have with friends and family about privacy? Over the holidays and through the new year, I had the topic of children's data privacy and device use come up multiple times. This included concerns about apps and internet-connected toys to technologies used in the classroom.

The concerns are real

Every time you share data – especially personal information -- with an organization, you're trusting that they can protect it and your privacy rights. Unfortunately, as you've likely seen often on the news, there are many examples of data breaches, incidents of exposed data, and data misuse. Personal data is valuable. Organizations that collect this data may seek to monetize it by sharing or selling it to third parties. Cybercriminals can also sell children's data on the dark web, where buyers use it for tax fraud or creating synthetic identities for identity theft.

There are things parents can do

Free resources exist for parents today.

  • Common Sense Media provides parents with free tips and tools for privacy and internet safety for kids, in addition to information about movies, TV shows, and apps/games.
  • The Electronic Frontier Foundation provides tips and questions parents can ask about student privacy to school administrators.
  • The Digital Learning Center at the Zurich University of Teacher Education has produced free teaching aids about data protection, and how to talk to children ages 4 to 9 about privacy.
  • The CynjaSpace app can help kids learn about internet safety.
  • The National Cyber Security Alliance's Stay Safe Online offers privacy tips for parents and teens.
  • In 2019, Consumer Reports launched a Digital Lab to evaluate connected products and services and companies' privacy practices.

Regulators and lawmakers are paying attention

In 2019, Google and YouTube settled with the FTC and New York for a total of $170 million for collecting personal information from children without their parents' consent. In January 2020, the UK ICO published an Age Appropriate Design Code, which is a set of 15 standards that online services should meet to protect children's privacy.

The California Consumer Privacy Act (CCPA) which recently went into effect this year, includes provisions for consent for collecting personal information about children. A new bill (Preventing Real Online Threats Endangering Children Today, or PROTECT Kids) in the US House of Representatives aims to update the existing Children's Online Privacy Protection Act (COPPA) which went into effect before the age of social media and smartphones.

Companies will do more to win over customers

Laws and regulations take time to pass. Recognize that they provide a minimum bar for what companies need to do. Today, data security and privacy is a competitive differentiator, not just a compliance requirement. This spans across how a company designs its products and services, to how they communicate to you about your privacy rights and what data they are collecting and why, how they ask for your consent to collect data about your child, and more. It will all be a part of what a company must do to offer an excellent customer experience. Keep this in mind the next time you are considering a purchase or signing up for a service.

This post was written by Principal Analyst Heidi Shey, and it originally appeared here.