Children today increasingly explore their identities and learn about the world online. In a rapidly evolving digital environment, conventional means of empowering and protecting children are no longer sufficient. Therefore, our systems and policies must evolve alongside the digital transformation to preserve children's privacy rights online. Panelists will discuss existing and emerging global child privacy protection policies and strategies, key considerations for the public and private sectors, and the need to equip children with digital literacy and citizenship skills.
2. ● Still developing
○ Unable to fully weigh benefits and risks of data collection and use
○ Limited impulse control
○ Socially vulnerable
● Lack of experience
○ Social norms
○ More trusting
● Potentially more acute harms
○ Difficulty understand potential future harms
○ Harms may not be fully realized or discovered until later
WHY CHILD PRIVACY PROTECTIONS?
3. UNICEF PRINCIPLES ON CHILDREN’S
ONLINE PRIVACY & FREEDOM OF EXPRESSION
Principle 1 Children have the right to privacy and the protection of their personal data
Principle 2 Children have the right to freedom of expression and access to information from a
diversity of sources
Principle 3 Children have the right not to be subjected to attacks on their reputation
Principle 4 Children’s privacy and freedom of expression should be protected and respected in
accordance with their evolving capacities
Principle 5 Children have the right to access remedies for violations and abuses of their rights to
privacy and free expression, and for attacks on their reputation
4. RECOMMENDATION OF THE OECD COUNCIL
ON THE PROTECTION OF CHILDREN ONLINE
Principle 1
Empowerment
Policies should empower children and parents to evaluate and minimize
risks and engage online in a secure, safe, and responsible manner
Principle 2
Proportionality
& Fundamental
Values
Policies should be proportionate to the risks and not restrict the
opportunities and benefits of the Internet for children; policies should
uphold fundamental democratic values of freedom of expression, privacy
protection, and the free flow of information
Principle 3
Flexibility
Policies should be age-appropriate and accommodate developmental
differences and special vulnerabilities
5.
6. ● Commercialization
● Age-inappropriate content
● Physical safety
● Loss of opportunity
● Social detriment
● Surveillance acculturation
● Screen time and addiction
POTENTIAL RISKS & HARMS
7. ● Children’s Online Privacy Protection Act (COPPA)
● Children’s Internet Protection Act (CIPA)
● Family Educational Rights and Privacy Act (FERPA)
● Protection of Pupil Rights Amendment (PPRA)
● California’s Eraser Button Law
● State Laws
US LAWS IMPACTING CHILDREN
8.
9. ● Came into effect May 2018
● Covers entities based in the EU and processing data of people in the EU
● Data Protection Agencies (DPAs) can issue fines up to €20M or 4% of annual
revenue for violations
Requires verifiable parental consent for processing personal data of children under
the ages of 13 to 16, depending on the member state, child-friendly language for
notices provided to children, particular attention to the right to erasure, prohibits solely
automated decision making used on children’s data, and provides that children’s rights
and freedoms override data controllers’ interests when there is a conflict.
EU APPROACH: GENERAL DATA
PROTECTION REGULATION (GDPR)
11. “CINDERELLA LAW” OR “SHUTDOWN LAW”
● Requires parental consent for children under the
age of 16 to access gaming websites
● Prohibits children under the age of from playing
online video games between midnight and 6AM
KOREAN YOUTH PROTECTION
REVISION ACT
12. ● Which ages should receive greater privacy protections, and should the parent
or child ‘own’ those privacy rights?
● Should consent-based or rights-based legislation protect children?
● Should child privacy protections be included in comprehensive consumer
privacy frameworks or are additional child privacy policies necessary to
protect children?
GLOBAL CHILD PRIVACY POLICY
CONSIDERATIONS
13. ● Under COPPA, parents/legal guardians must opt-in for the collection of data for children
under 13
● Under CCPA, minors between 13 and 15 must opt-in for sale of their data, parent/legal
guardians must opt-in for children under 13
● Possible Alternatives
○ Age-Gate - require age verification prior to accessing service
○ Signpost - segment traffic by age
○ Privacy by Design - build in privacy at every stage of product development
○ Age Bands - develop different versions of product or service for defined age
bands, ranging from infancy to adulthood
WHEN IS CONSENT APPROPRIATE?
14. WHAT IS APPROPRIATE FOR
DIFFERENT AGES?
● Higher Age (16 GDPR, 18 UK AADC)
○ Extends protection
○ Parental access? Deletion?
Portability?
● Lower Age (13 COPPA)
○ Promotes participation
○ Encourages development of digital
media literacy and resilience
15. With an age gate, children either...
● tell the truth about their age and retain child privacy protections, but lose access to
online services or;
● lie about their age and retain access to online services, but lose child privacy
protections
WHAT ABOUT “AGE GATES?”
Good afternoon! Thank you for everyone who has joined us for our fourth privacy legislation webinar. Our focus today is child privacy. Presenting are FPF’s youth and education team: Amelia Vance, the Director of our Youth and Education Privacy program; Tyler Park, Policy Counsel; and Jasmine Park, Policy Fellow;
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
I just described multiple reasons why children are more vulnerable and may be in need of additional legal protections, but that lends itself to a multitude of protections. This chart from the Organization for Economic Cooperation and Development, an international organization that the U.S. is part of, illustrates the many online risks for children, from identity theft to stranger-danger to harmful content to online marketing and oversharing. When looking at child privacy, it is important to be focused, and ask...
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.
The major focus federally and in states is on creating consumer privacy legislation, so why is this series devoting a webinar to child privacy? First and foremost, practically, many consumer privacy laws and proposals, from California’s Consumer Privacy Act to Senator Wicker’s recent bill, have included additional protections for children. We all know that children are especially vulnerable and deserving of special protection above and beyond the protections given to adult consumers, but I think it is valuable to briefly explore why. There are three major ways that children generally differ:
1) their brains are not fully developed, and they are often not fully able to weigh the benefits and risks of data collection and use. Children are also more socially vulnerable and impulsive than adults, which can lead to risky behavior. Children are less likely to be able to resist peer pressure, influence from adults, and marketing than adults. Children are also particularly vulnerable to dark patterns, which are design choices on websites that influence an individual to behave a certain way.
2) Relatedly, children are often experiencing things for the first time, and are less likely to be aware of social norms, and may be more trusting than adults.
3) Finally, children can suffer more acute privacy harms than adults: if their identity is stolen, it is less likely to be discovered until adulthood when they apply for a credit card. Rejection from peers or being ostracized hits harder for children, so private information being exposed can be more damaging to their development and feelings. Because of their ongoing brain development, children have difficulty weighing harms that could occur in the future with their actions, and so the idea that a social media post from early adolescence could impact their later ability to go to college or get a job is harder for them to understand.