How Parents and Educators Can Protect Children’s Online Privacy
January 26, 2021
For many children, the line between the physical and virtual worlds was already blurry. Then the coronavirus pandemic began, shifting even more of their daily activities online. Social distancing guidelines meant that education, entertainment and socialization all had to transition to virtual formats.
These changes helped protect the health of children and their families—but they may have also introduced unexpected online privacy risks.
“When a child is studying, visiting everything from Wikipedia to running searches and all this other stuff, they’re getting information and getting data, but they’re also giving information and giving data,” said Matt Mitchell, tech fellow at the Ford Foundation and founder of CryptoHarlem, an organization that offers free, community-based privacy training.
Kids may not be prepared to safely manage this added security risk or protect their online privacy—especially if they were not online regularly before. Because their capacity for long-term reasoning and risk perception is still developing, they may even pose a threat to their own online safety.
Parents and educators can help protect children’s digital privacy and empower them to practice online safety. Learn more about online privacy laws and internet safety for kids below.
What Are the Risks of Children’s Online Activity and Education?
Children in marginalized communities might experience unique concerns based on their race, religious beliefs and customs, or documentation status. They may accidentally trip filters and keyword-based technologies designed to prevent radicalization, said Mitchell. Predictive algorithms used to prevent gang activity can also make mistakes.
“It can bring a negative focus and attention to the family, which could lead to collision and contact with law enforcement,” said Mitchell.
How To Talk About Online Privacy and Security With Kids
“Kids are super smart, and you’re not going to pull one over on them,” said Mitchell. “If you’re trying to out-spy a kid, well, they know a hundred other kids who have figured out all the ways around these things.”
Mitchell recommends directly engaging children in conversations about how to have privacy online.
YOUNGER CHILDREN (AGES 4 TO 11) Make comparisons between the virtual world and the physical world to help younger kids understand these abstract concepts.
Example 1: “Your personal data is like your favorite toy or game. You wouldn’t give it away to a stranger. That’s why we do certain things to protect ourselves online.”
Example 2: “We put curtains on our windows and shut the door because privacy is important to us. It helps keep us safe at home. We can take steps to protect ourselves online, too.”
OLDER CHILDREN (AGES 12 TO 18) Make adolescents aware of the real-world consequences of online behaviors. Mitchell advises parents to ensure older kids understand the risk of sharing intimate images. If they possess a picture of a minor, even by consent, it could legally be considered child pornography and lead to charges.
Example 1: “Without privacy protections, online conversations can be ‘overheard,’ just like conversations in person. This could create an awkward situation, especially if you were caught talking about someone else.”
Example 2: “Keep in mind that images can last forever. Sharing intimate pictures is risky, even if you trust the person you’re sending them to.”
CHILDREN WITH MARGINALIZED IDENTITIES Mitchell encourages parents of children who are marginalized to explain that the othering and criminalizing they experience in person happens online, too—and that you are available with support.
Example: “You might be targeted online because of your identity. But, we navigate it in the real world, and we can navigate it in the virtual world.”
Easy Ways to Empower Kids Online
Involve kids in routine privacy practices, such as creating safe passwords in a password manager or keeping up with online safety news.
Help children understand that they will make mistakes. Remind kids that they can come to you when a questionable situation arises and that you will help them fix it.
Teach kids how to report inappropriate behavior online. They should know abuse is never acceptable and there are steps we can take as a family to keep them safe.
Have older children research their elected officials’ stances on privacy matters. If their position is not clear, encourage kids to send a letter.
Simple Steps to Protect Children’s Online Privacy
Make sure that kids are registered as under 13 on the sites and applications they use. This limits the data that can be collected on them and the content they see.
Parents should consider installing software that monitors kids’ online activity, including which apps are running and how much screen time they have.
Limit posting personal information online that could put children’s identities at risk. For example, captioning a photo with “Happy 7th Birthday, Jane Mikayla Smith!” gives away the child’s full name, birth date and birth year.
Use a private photo sharing app like BackThen to share pictures of kids. Public pictures can be scraped and saved.
Vote for elected officials who have clear, strong positions on online privacy and security, especially for children.
Terms to Know About Online Safety
Privacy and Security
Privacy refers to protecting one’s identity and movements from tracking or surveillance. (NPR)
Online (or Digital) Privacy covers users’ online activity, such as which sites they visit, and their offline activity, including their location and contacts. (NPR)
Personally Identifiable Information (or Personal Data) refers to “information about an individual maintained by an agency,” such as a social media company or workplace, that can be used to trace or distinguish an individual’s identity (e.g., social security number, birthday or biometric records) or that can be linked to an individual (e.g., employment information). (National Institute of Standards and Technology, PDF, 819 KB)
Malware is a broad term for malicious software used by cybercriminals to harm computing devices, services or networks and to steal data for financial gain. (McAfee)
Opt In/Opt Out refers to two different approaches taken by email marketers in contacting users; “opt in” means companies can only email users who consent to communication whereas “opt out” allows companies to email anyone who has not explicitly told them not to. (Computerworld)
Spyware is a type of malware that infiltrates a computing device in order to steal a user’s sensitive information and internet usage data. (Norton)
Two-Factor Authentication (2FA) is a security measure that requires users to enter two types of information (e.g., a password and a code sent to their smartphones) in order to access secured data or accounts. (Investopedia)
Active Data Collection refers to users intentionally providing information, such as entering a birthdate. (IAPP)
Passive Data Collection is data collection that happens automatically, of which the user may be unaware. (IAPP)
Caching is the “saving of local copies of downloaded content,” so that future downloads can happen faster. (IAPP)
The Fourth Amendment protects U.S. citizens from warrantless searches and seizures of persons or objects in places that, by society’s standards, they have a reasonable expectation of privacy, such as in their own home. (Legal Information Institute)
The Expectation of Privacy Test, which originated from the Supreme Court case Katz v United States, helps determine which situations meet the “reasonable” standard. How the expectation of privacy applies online remains unclear and undecided. (EFF)
Online Privacy Laws to Know: A COPPA Summary and More
California Consumer Privacy Act (CCPA) of 2018: Gives users the right to know how businesses use their personal information, to have it deleted and to opt out of its sale. Under the CCPA, children under 16 and/or their parents must opt in to having their data sold. This act applies only to California residents and for-profit businesses that do business in California.
CAN-SPAM Rule: Requires commercial emails to have accurate header and subject lines, include a valid physical address, identify itself as an advertisement and provide a way to opt out.
General Data Protection Regulation (GDPR): Requires businesses to protect the personal data and privacy of European Union citizens or residents and levies heavy fines (up to 20 million euros or 4% of global revenue) for violations.
Privacy Laws in California: Are among the most stringent in the United States. The Attorney General of California’s website summarizes state and federal laws protecting citizens’ privacy, including online privacy.
Online Privacy Resources for Students, Teachers and Parents