Protecting Children’s Privacy on the Internet
An individual’s right to privacy is the legal concept that one’s personal information is protected from public scrutiny. The Fourth Amendment forms the basis of this right, which has also been called “the right to be left alone” by Supreme Court Justice Louis Brandeis. While the right to privacy has a long history, ever-evolving technology and the widespread use of the internet make interpreting this right increasingly complicated.
In our technologically-based world, an individual’s right to privacy becomes even more important when it relates to the rights of children. Children generally can’t make informed decisions about what data can and should be shared.
However, using devices and visiting websites that collect data has become an increasingly popular activity for young children. In recognition of the vulnerable nature of children, the federal government has developed specific measures intended to protect children’s privacy.
Read on to learn from the Florida child injury attorneys at Dolman Law Group Accident Injury Lawyers, P.A. about children’s privacy rights and what companies are required to do to comply with those rights.
Statistics on Internet Use
Smart devices and social media are exponentially growing as one of the most integral parts of many kids’ lives.
Consider the following statistics:
- 95 percent of teens across genders, races, and ethnicities report having a smartphone or access to one;
- 45 percent of teens say they are online on a near-constant basis, and another 44 percent say they use the internet several times a day;
- 85 percent of teens report using YouTube, and 72 percent report using Instagram; and
- On average, outside of schoolwork, tweens spend more than four hours per day on a screen, while teens spend more than seven hours on a screen.
While internet access and use pervade the teenage group, younger children are accessing the web as well, and in increasing numbers. In seven years, the number of children ages three and four using the internet from home rose from 45 percent to 19 percent. Fifty-seven percent of five to ten-year-olds accessed the internet, up from 49 percent. A report found that 12.6 years old is the average age children are signing up for their own social media accounts.
The younger a child is, the less able they are to make smart decisions about sharing information—40 percent of kids in fourth through eighth grades reported connecting or chatting with a stranger online.
Of the children who connected with a stranger,
- 53 percent revealed their phone number to a stranger;
- 21 percent spoke with a stranger on the phone;
- 15 percent attempted to arrange a meeting with the stranger;
- 11 percent actually met a stranger;
- 30 percent texted with a stranger from their own phone; and
- 6 percent revealed their home address to a stranger.
Parents play an important role in monitoring, blocking, and filtering the content their children are viewing online. However, they aren’t alone in the effort to protect children’s privacy in an online environment.
Federal Regulation of Children’s Privacy
In 2000, Congress passed the Children’s Online Privacy Protection Act (COPPA), which requires businesses to provide parents with notice of privacy practices and secure verifiable consent from parents before collecting a child’s personal information.
COPPA applies if the site:
- Is directed at children younger than 13 and collects personal information; or
- Is directed to a general audience but the business has actual knowledge that personal information is being collected from a child under 13. Actual knowledge requires that the operator asks for and receives information enabling the determination of the user’s age.
Third-party services that collect personal information from users, such as ad networks, may also fall under the COPPA requirements. When personal information is collected from a site directed to children under 13, COPPA applies.
COPPA affords parents control over the information collected from younger children. Violations of COPPA are enforced by the Federal Trade Commission, and suspected violations can be submitted to the FTC.
What Is Personal Information?
Personal information also known as personal data is a broad term that can have different definitions depending on the application. For purposes of COPPA, personal information includes:
- First and last name;
- Home or physical address that includes the street name and city or town name;
- Online contact information, screen names, or user names that function as online contact information;
- Telephone number;
- Persistent web identifiers;
- Photographs, videos, or audio files containing a child’s image or voice;
- Geolocation information enabling identification of a street name and city or town name; and
- Any information about a child or parent collected by an operator and combined with an above identifier.
Steps for Complying With COPPA
Whether you are a business aiming to ensure you are COPPA compliant or a concerned parent, the following questions are important for understanding which sites must comply with COPPA:
- Is the website or online service directed at children under age 13, or do the operators have actual knowledge that information is collected from users under 13?
- Does the site collect personal information from children under age 13?
- Information is considered collected when there is a request, prompt, or encouragement of submission of personal information, when information can be made publicly available, or a child is passively tracked online.
- Have parents given consent for the collection of a child’s personal information?
- Parents should be notified that their consent is required and how to provide it. Parental consent is required before collecting, using, or disclosing a child’s personal information.
- Are parents’ ongoing requests being honored?
- Parents have a right to ask to review collected personal information, to revoke consent, and to request the deletion of their child’s personal information.
- Are reasonable security measures in place?
- An operator has an obligation to take reasonable steps to protect the confidentiality, security, and integrity of the collected personal information.
Compliance with COPPA can be complicated and penalties for non-compliance can be steep. If you are a site operator working towards compliance or the parent whose child’s rights were violated, contact an experienced attorney to assist you in evaluating your options.
State Privacy Laws
As mentioned, COPPA aims to put parents in control of younger children’s privacy for sites directed at children. However, this still leaves a broad landscape of internet activity that is not subject to COPPA. There is no overarching federal legislation, like the General Data Protection Regulation (GDPR) in Europe. Instead, parents must look to state privacy legislation to determine their rights as well as their children’s rights.
Florida’s Constitution includes a constitutional right to privacy and has enacted laws to protect certain types of information. For example, under Florida law, individuals have a right to privacy in their financial and medical records. Florida does not, however, have a policy specific to online privacy. California is one state that is leading the way in online policies regarding privacy. It may be helpful for states outside of California to understand the California rules. Most major companies doing business within the U.S. will aim to comply with the California requirements.
The California Consumer Privacy Act (CCPA)
- Know whether and to whom their personal information is sold or disclosed. If a company sells consumer data to a third party, this must be disclosed to the consumer. Generally, the consumer should have the right to opt out of the sale of their personal information.
- Access personal information that has been collected. Consumers can request access to their information, how it was collected, and what parties it is shared with.
- Request that a business delete personal information. Though some information is exempt from this requirement, a consumer can request that much of the collected personal information be deleted.
- Be free from discrimination for exercising their rights. Businesses cannot provide less favorable service or pricing to any individual that exercises their rights under the CCPA.
The CCPA applies to any for-profit business that collects the information of a California resident and:
- Has annual gross revenues in excess of $25 million; or
- Receives or discloses the personal information of 50,000 or more California residents, households, or devices on an annual basis; or
- Derives 50 percent or more of annual revenues through the sale of California residents’ personal information.
No matter where you live, you may do business with a company that meets the above criteria, in which case, they are likely abiding by the CCPA’s requirements. As a result, you may benefit from the stricter laws without living in California.
Minors and the CCPA
CCPA makes additional requirements for the use of personal information of consumers under the age of 16. Businesses are required to secure opt-in consent before selling the personal information of consumers under 16 years old. If the child is under 13, the required consent must come from a parent or guardian.
The business has an obligation to take reasonable steps to ensure the consenting party is actually a parent or legal guardian. If a business violates the restrictions for the collection of minors’ data, the attorney general can bring a civil action against them. The violator will face a fine of up to $2,500 per violation or $7,500 for each intentional violation.
The CCPA requirements apply to children ages 13 to 16 and businesses have some obligation to ensure the consent is coming from a parent or guardian. As such, the CCPA obligations are more rigorous than the COPPA standards.
Managing Your Child’s Privacy Online
Website operators must live up to certain standards to protect the privacy of children online.
However, parents and children can take these four steps to protect their privacy:
- Turn on the “Do Not Track” setting. Most browsers have a “Do Not Track” setting that can be enabled. When enabled, online activity cannot be followed by advertisers and other third parties. Be sure to enable this setting to signal your desire not to be tracked to analytics companies and ad networks. Beware that this setting is a voluntary signal, and the companies who receive it are not obligated to comply.
- Understand cookies. Data about your visit to a website are referred to as “cookies” and can include information including login identification and user preferences. The stored information communicates back to the web browser the next time you visit the site from which the information was gathered. Imagine a time when you have returned to a website, and it has offered to auto-populate your name and address. A cookie is likely responsible for the pop-up. Cookies that serve up information to a specific website are called first-party cookies. Some cookies, called third-party cookies, send your information to advertising houses. The advertisers may then share the information with marketers. Consider opting out of these third party cookies.
- Check your app settings. Many mobile apps access data like your phone number, calendar information, location, and unique device IDs. Only allow apps access to data they actually need to perform the intended service.
It requires a time investment to understand the federal and state privacy laws and to take actions to monitor your child’s privacy online. Putting in the effort will help keep your child’s information safe, while also, teaching them important lessons about privacy.
If you believe your child’s privacy rights were violated or if you are a business trying to understand your privacy obligations, contact an experienced attorney. An attorney can help protect your rights and meet your responsibilities.
Dolman Law Group
800 N Belcher Rd
Clearwater, FL 33765