Who Else is Collecting Data About Your Children?

privacy, COPPA, data, online, child

Digital footprints are not exclusive to online shoppers or avid social media users; everyone has one, including your 5-year-old child. Any online activity contributes to their “digital portrait”, making them vulnerable targets to advertisers and internet predators.

Taking Precautions

In an effort to protect minors on the world wide web, the FTC Children’s Online Privacy Protection Act (COPPA) created compliance regulations for online operators that host children under the age of 13 in 1998. Websites must (1) provide notice of what type of information is being collected and what it is being used for (2) obtain verifiable parental consent for collection/use of said information and (3) establish procedures to ensure confidentiality of data collected. In addition, it is illegal to make site entry/game participation contingent upon the amount of information disclosed.

However, “age limits” did not stop persistent pre-teens from joining social media and gaming sites. Regardless, 10 years later, data collection came to be mostly implicit. Thus, the FTC expanded COPPA in 2013 to include photos, videos, audio, device location, as well as other “persistent identification systems” (cookies, unique serial numbers on mobile phones, IP addresses).

The Current Situation

COPPA mostly attempts to thwart behavioral advertisers and 3rd party marketing agencies. For example, this past year, consumers claimed that Google violated user privacy as they consolidate user data across all platforms (Google Maps, Google search, etc.), making for a more comprehensive user profile. The announcement of this pervasive policy change was deemed “deceptive” by consumer advocates. This is not the first time they have received contention.  Now, Google Maps includes “shareable lists”; on the note of privacy, WLRN writes “..the latest version of the Google Privacy Policy — dated Aug. 29, 2016 — states that ‘depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google.’ A note on the side specifies that ‘your activity on other sites and apps’ might come from your use of other Google products.”

However, parents need be aware of the privacy policies of common online tools (covered under COPPA or not), as well as the unconventional modes of data collection –like the following– and their possible repercussions. 

> 3rd party utilities. Despite this Facebook Hoax that claimed all personal information would be disclosed, Facebook privacy policies have relatively come under less fire. However, the 3rd-party Stalkscan makes access to FB personal content easier than ever before: “Stalkscan collects the huge amount of information revealed by that search term and puts it in an easily accessible form, allowing anyone to see all of the information about a person that it would be able to dredge up.” Although they claim it is not a breach of Privacy Policy, it exposes data that users may not know is defaulted “public”. Facebook provided Privacy Checkup to mitigate this vulnerability.

> Smart Toys. In recent years, toy companies have released products that allow for major security breaches. In Germany, the Federal Network Agency advised parents to destroy the My Friend Cayla doll. The Cayla doll interacts with children and responds to their questions by searching the web; it then stores child searches to be used by agencies.  In addition, researchers discovered “a hack allowing strangers to speak directly to children via the My Friend Cayla doll”. Mattel’s version Hello Barbie proved vulnerable after reports that the Wi-FI-enabled doll could be used as a surveillance device by hackers via the connected network; hackers could find out where the toy/child was or send back false data to the parent about child’s location. Hello Barbie also stores Wi-FI network names, the account IDs, and the audio it records.

> Video games.  According to the Wisconsin Department of Justice, child predators a lurk in chat rooms of sites “kid-friendly” gaming platforms. The predators can randomly search for a name in the database, see that the child is a Minecraft player, and then strike up a conversation in a chat room. Minecraft, not unlike other games, allows kids to play with other people in three ways: (1) a local area network (LAN) (2) online server or (3) Minecraft Realms. In addition, many kids post videos of themselves playing games which leak heavy clues to personal information and location.

For more information on online student safety, subscribe to our newsletter: 


Leave a Reply