This post reflects the opinions of the author and not necessarily those of Mashable as a publication.
James P. Steyer is CEO and Founder of Common Sense Media, a non-profit organization that provides education and tools for parents and kids about the media and technology in their lives. You can follow them on Twitter at@commonsensenews, on Facebook, and read reviews and advice at commonsense.org.
Most kids today live their lives online, immersed in a mobile and digital landscape. While the Internet is a platform for innovation and provides rich resources for entertainment and learning, the nature of digital interaction creates deep concerns about the privacy of children. Parents fear that their children will inadvertently make personal information public, potentially damaging their own reputations and those of their friends. But they also have profound — and justified — concerns that what their children say and do in the digital world is being tracked by marketers and information aggregators who aim to profit from their personal information and online activities.
Children’s online privacy involves two key concepts: our fundamental right to privacy and our need to protect our children from potential harm. At the moment, the Children’s Online Privacy Protection Act (COPPA), which prohibits the collection of “personally identifiable” information from kids ages 12 and under without parental consent, is the cornerstone policy protecting children’s online privacy.
But COPPA was written before 1998, long before the advent of social networks like Facebook, information aggregators like Google, social game sites like Zynga and geolocation announcers like Foursquare. These sites all have business models that are based on following online activities. It’s no wonder these companies and their competitors oppose legislation that would in restrict their access to information — even if it means not protecting the privacy of kids.
Recently, congressional leaders introduced a “Do Not Track” bill, which would build on the principles of the national “Do Not Call” registry, and set clear standards for how and when a consumer’s personal information can be collected. It also would enable users to opt out of online tracking.
But this legislation may not end up addressing the issue of tracking of minors. Kids should not have to opt out of something in order to protect their privacy. Both sides of the political aisle should agree on that point, but to truly protect our kids, we need a comprehensive approach, and one that includes these important components.
Ground Rules
Children and teens should not have their online behavior tracked or any other personal information about them profiled by or transferred to third parties. Companies — whether Internet service providers, social networking sites, third-party application providers, data mining companies or advertising networks — should not be permitted to sell or transfer that personal information.
Without parents or kids knowing it, companies collect, store, and sell information about what kids do online and on mobile phones. Companies can track which websites kids visit, what searches they conduct, which videos they download, who they “friend” on social networking sites, what they write in e-mails, comments or instant messages, and more. This type of tracking is what needs to stop.
The Industry Standard for All Privacy Should Be Opt In — Especially for Kids
Companies and operators should not collect or use personal information unless users give explicit prior approval. The opt in standard is fundamental to our ability to control our personal information. If online companies, services and applications want to collect and use personal information, they should get permission beforehand by asking people to opt in to the service.
Most sites and networks achieve this through a terms of service agreement, or a privacy policy, which users must agree to before signing up for an account. The trouble is, many policies are extremely long and complex, and few people actually review them before hitting “I agree.” While this is ultimately the responsibility of the user (or the user’s parent, in this discussion), it’s in the industry’s interest to simplify these agreements (see below). Additionally, if any changes are made to the policy after a user registers, the user should be notified and required to review and agree to the new terms — especially when it comes to minors.
Privacy Policies Should Be Clear and Transparent
Privacy policies need to be easy for users to find and understand and should be carefully monitored and enforced. Any significant privacy policy changes should require a clear new opt in by the user or the parent, depending on the age of the child. Most privacy policies today are lengthy legal documents written at a college level or beyond. Instead, companies should use icons and symbols that would be easy to understand and would clearly convey how personal information will be used.
Parents and Children Should Be Educated About Online Privacy
Kids and their parents need to do their part to protect their online privacy and the privacy of their friends. We need a large-scale, multi-year public education campaign to help them learn how to do so effectively. I believe that it should be funded by the industry. Young people need to learn to protect their own privacy and to respect others’ privacy. There should be a digital literacy curriculum in every school in this country with privacy as an essential component.
Privacy Protections Should Apply Across All Online and Mobile Platforms
Current privacy regulations need to be clarified and applied to all online and mobile services and platforms. Social networking sites shouldn’t be able to collect or sell kids’ private information, and neither should third-party apps on those sites. Location-based services shouldn’t be allowed without prior parental consent to a clear and understandable privacy policy, regardless of whether the service is provided by a non-FCC carrier.
Conclusion
After years of complaints from consumers, industry leaders have finally begun to acknowledge the enormity of the privacy issue. Now it is time to step up and make it easier for parents and kids to protect themselves. Through a combination of legislative action and advocacy, we can make the web safer for kids.