In 2018, research conducted by UC-Berkeley revealed that over half of Android’s free apps served ads that violate childrens’ privacy. Children’s advocate Jim Steyer believes that the 20-year old Children’s Online Privacy Protection Act (COPPA) born in the early days of the internet is now crying out for an update.
DJ Pangburn points out how vulnerable children are to privacy violations in this report from Fast Company:
“All this data makes kids uniquely valuable to companies and adds to their digital footprint, which can extend beyond parents’ control,” Steyer says. “Kids’ information will live on for longer than we know and could impact education and employment opportunities, healthcare access, and exposure to identity theft.”
“As kids’ brains are still developing, they lag behind adults in conceptualizing privacy, comprehending online data ecosystems, understanding terms of service, and recognizing ads,” he says. “Both young children and teens are prone to overshare, albeit for different reasons.”
[…]
In COPPA 2.0, Steyer and Common Sense envision parents with children under 13, and teens being given control and choice over online tracking. They would like to see an “eraser button” and a right to delete content they post about themselves online. But Common Sense doesn’t want to stop with these provisions. They want to prohibit companies from targeting ads at children, and prevent sites from claiming children aren’t on their sites to evade COPPA requirements.
Steyer would also like to see children’s and teens’ connected devices be outfitted with a “privacy dashboard” on the product packaging, which would detail data-collection practices and security provisions. And in COPPA 2.0, sale of insecure connected devices to children and teens would be prohibited. Steyer says a Youth Privacy and Marketing Division should be created at the FTC, which would focus entirely on children’s privacy and marketing.
“Historically, data brokers are very protective about how they go about their services,” Steyer explains. “Data brokers can acquire data in a variety of ways, including when a parent posts information on photo sharing sites and event scheduling apps, if a parent posts information on sites such as Evite, if a parent purchases products online, or if a soon-to-be-mom starts a baby registry. Some states post public records online, like in Virginia. Most of the time, a data broker can acquire data by other means that have nothing to do with what people post.”
