It’s that time of the year again. The holiday season is almost upon us and with that comes holiday parties, travel plans, and most importantly, gifts. There’s a good chance that some (if not most) of your gifts will be for kids and might even include the latest tech gadget. From new game consoles to network-connected toys, these gadgets collect, use, and may ultimately share a tremendous amount of information about their users, the surrounding environment, and even mom and dad.
As you start your holiday shopping, here are some things to know to better protect your children’s privacy.
What should I, as a consumer, be aware of?
Whether you are planning on buying a smart toy, a smart speaker, a smartwatch, or anything that is connected to the internet (Sigh! Whatever happened to kids just wanting ponies and puppies and bikes), get ready to roll up your sleeves and do some good old-fashioned research before you trot-off to the store.
First, before buying any product, here are some questions you should ask yourself:
- Does the product collect any information from children?
- How does it collect the information?
- What do they do with the information that is collected? (And what type of security protections does the product have?)
Wait, what is COPPA?
Well, I’m glad you asked. The Children’s Online Privacy Protection Act (COPPA), passed in 1998, is the primary federal law in the United States protecting the digital privacy of children under the age of 13. Under COPPA, companies are required to get verifiable parental consent before collecting any personally identifiable information from children below 13, and the law gives parents the right to access this information and even have the the company delete it, if they so wish. (Check here for the updates that the FTC made to the definition of ‘personal information’ under COPPA in 2013).
Who enforces COPPA?
The Federal Trade Commission (FTC) is the federal body in charge of enforcing COPPA. To date, the FTC has brought about 30 cases against companies for violating COPPA with penalties totaling several millions of dollars.
While COPPA has been very important in setting privacy guidelines for companies offering products or services for children below 13, there are certain areas where some improvement is needed. For example, state attorneys general in New Mexico and New York have highlighted apparently flagrant violations of the law. It is clear more must be done, and for a law having just celebrated its twentieth birthday, reform and reconsideration seems in order.
CDT recently filed comments to the FTC on steps they can take to be more effective in enforcing COPPA and protecting children’s privacy. The steps include:
- Proactively investigating companies as opposed to being reactive to public data breaches;
- Providing ongoing monitoring, training, and evaluation to safe harbors (a COPPA provision that lets approved industry groups self-regulate compliance with the law); Strengthening communications and outreach when the FTC takes enforcement action to deter companies from future violations; and
- Working with the U.S. Department of Education to come up with guidance for businesses on privacy best practices. This is especially important with the increasing use of personal devices by children in the classroom context.
If you are looking for some light reading while travelling this holiday season, you will find our detailed comments to FTC here.
So this holiday season, consider the children in your life and how to protect their privacy rights, and we will continue to do the same!