Now that 6.8 million more people have just had their (private!) Facebook photos exposed, it seems like a good time to talk about online privacy, especially when it comes to what people post about their children.
Parents are already some of the biggest violators of their kids’ privacy, leaving potentially harmful digital footprints well before the age of consent.
A child or teenager’s digital footprint now starts before birth. From ultrasound photos and due date announcements posted to social media to the proliferation of smart toys, parents are revealing far more information than they realize about their children. Add in the increasing number of computers in the classroom and the amount of data collected by schools and there’s very little information about your child that’s truly private.
This technology coupled with parents’ behavior is increasingly putting children at risk for identity theft, humiliation, various privacy violations, future discrimination, and causing concern about developmental issues related to autonomy and consent.
A 2010 study showed that in the U.S, more than 90% of 2-year-olds and 80% of babies already had an online presence.
The rise and risks of “sharenting”
Last month, the UK Children’s Commissioner released a report called “Who Knows About Me?” illuminating the ways in which we collect and share children’s data and how that might put them at risk in the future.
The report estimates that by the age of 13, parents have posted roughly 1300 photos and videos of their children online (which might seem like a conservative estimate for those of us whose timelines are full of new parents).
Even in 2011, it was estimated that people were only passing acquaintances with about 1/5 of their Facebook friends. Think about how many opportunities relative strangers (or even friends who later become (fr)enemies) have to screencap vulnerable or potentially embarrassing posts (or stories, which we think of as ephemeral, but can last a lifetime to someone who screencaps or records them).
The phenomenon of parents putting information about their children online has come to be known as “sharenting.”
According to the UK report, Barclays has forecast that by 2030 “sharenting” will account for 2/3 of identity fraud, costing hundreds of millions of dollars a year. With just a name, date of birth, and address (easy enough to find in a geotagged birthday party photo on Facebook, for example), bad actors can store this information until a person turns 18 and then begin opening accounts.
As a result of these and other risks, children’s advocates are now trying to educate parents to think harder about posting information (including photos) about their children online while taking into account the conflict between a parent’s freedom to post and a child’s right to privacy.
In her legal analysis of this conflict, Stacey Steinberg of the University of Florida’s Levin College of Law has weighed the effects of silencing parents against the rights of children. Steinberg says that it’s important to give children the right to say no to parental posts about them (including photos, quotes, and descriptions of their accomplishments and challenges). She notes that by age 4, children have a sense of self and have already begun to compare themselves with others. At this age, they benefit from being heard and understood, and thus:
Parents who post regularly can talk about the internet with their children and should ask young children if they want friends and family to know about the subject matter being shared.
Of course, social media can be a source of parenting support and communication with distant family members, so Steinberg is not trying to convince parents to maintain complete radio silence about their families. Instead, she is suggesting that parents give more thought to what they post, eliminate unnecessary layers of information like geotagging, and talk to their kids as soon as they’re able about what’s being put online about them.
The latter not only improves a child’s sense of autonomy but alerts them early on to the potential dangers of oversharing and gives them a good sense of what is meant to be public and private. She notes that
Indeed, children who grow up with a sense of privacy, coupled with supportive and less controlling parents, fare better in life. Studies report these children have a greater sense of overall well-being and report greater life satisfaction than children who enter adulthood having experienced less autonomy in childhood. Children must be able to form their own identity and create their own sense of both private and public self to thrive as young people and eventually as adults.
Without any sense of boundaries when it comes to their data, children growing up in our post-privacy world might assume that they have no right to keep their data private.
The U.K. report warns:
We need to stop and think about what this means for children’s lives now and how it may impact on their future lives as adults. We simply do not know what the consequences of all this information about our children will be. In the light of this uncertainty, should we be happy to continue forever collecting and sharing children’s data?
Who is listening to your child?
It’s not just social media that poses a privacy problem for children. Increasingly, our homes are filled with smart devices that listen for “data,” and each holiday season brings a slew of new toys that come with recording devices and Bluetooth.
Remember Hello Barbie? She might be old news now, but that didn’t stop the rise of Cloud Pets, the adorable teddy bears that allowed parents and children to communicate via stored voice messages, but actually exposed the personal messages of over 800,000 customers to anyone on the Internet who knew where to look. They were also vulnerable to malicious hacking just like Hello Barbie.
Cloud Pets is now out of business after the security snafu, but that hasn’t stopped other companies from making communication and surveillance devices in the form of fluffy toys (and that also won’t stop people from misusing the data already stolen from Cloud Pets – there have already been two cases of cybercriminals demanding money from the company in exchange for the data they stole).
While Fisher-Price has stopped producing their Smart Bear (which has a microphone, camera, speaker, pressure plate and an accelerometer that knows when it’s tossed in the air) since it was discovered that the nose camera could be hacked, you can still buy them online.
News outlets are brimming over with warnings about buying kids smart toys, but that doesn’t stop companies from producing them. Before you buy your child a toy with a recorder, camera, or the ability to be connected to the Internet, it’s important to take into consideration what that toy can hear, see, and store. Even things like Amazon’s Fire HD Kids Edition, although stating that it is “not a toy,” asks for your child’s personal information and can easily store what they play, watch, and search for.
If you’re thinking about your smart speakers, security cameras, and baby monitors being full of the same tech, you’re right. Just about anything “smart” in your home needs to be given a second look for security vulnerabilities.
Ever have a friend post an adorable moment captured by their baby monitor on social media? You might want to warn them that now everyone knows exactly what kind of monitor they have, making it easier to access their live feed.
There’s a common misconception among parents that more data means more security for their children. But things like hacked baby monitors and LoJacked kids who abandon their devices at a friend’s house show that’s certainly not the case.
This sense of being monitored also interferes with childhood development. Children who are aware of being monitored have an altered sense of self. They may be less likely to push boundaries and learn for themselves what’s right and wrong. And what does constant monitoring teach them about freedom and independence? Will it make them more likely to accept surveillance in the workplace? Will they understand the value of privacy?
There’s obviously a fine line here between wanting to protect our kids from getting into trouble and forcing them to conform.
Linking it all together
In light of all the hacks of social media, health records, smart toys, and various home devices, there’s a tremendous amount of data out there about us just waiting to be used. And children, who don’t know about the risks and often have no say about what data is collected and shared, are the most vulnerable.
Combine this with the rise of unsecure technology in schools. In September of this year, the FBI released a public service announcement warning parents of cyber threat concerns related to K-12 students. The “rapid growth of education technologies (EdTech) and widespread collection of student data could have privacy and safety implications if compromised or exploited.”
They reported that in 2017, multiple school systems across the country were hacked. To make matters worse, hackers stole student contact information, education plans, homework assignments, medical records, and counselor reports from millions of students and used them to extort kids and their parents:
The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets.
EdTech collects an incredible amount of information from children, including:
- personally identifiable information (PII);
- biometric data;
- academic progress;
- behavioral, disciplinary, and medical information;
- Web browsing history;
- students’ geolocation;
- IP addresses used by students; and
- classroom activities.
With the rise of predictive algorithms and free-floating information on kids that’s been hacked from every facet of their lives, we’ve created a perfect opportunity to use early test scores, behavioral infractions, and personality assessments against them for the rest of their lives.
This isn’t just paranoia; the team from the U.K. report delivered a dire warning:
As machine learning becomes more sophisticated and ubiquitous, we can link all of this information together. Algorithms can be used to make predictions about people based on this information.
Just think about all the places we use these algorithms, from courtrooms to credit applications to employee background checks. The datafication of children from birth could easily set them along a path dictated by this data, affecting them for the rest of their lives.
The report asks some important questions:
Could data about a child’s language development and early educational performance at age four play some role in their university application outcomes? Could their parents’ shopping habits impact upon the products and services they are targeted with through advertising? Could personal health data affect their ability to take out insurance in future?
So what can we do?
While you can’t protect your child from every potential data threat, there are things we can all do to reduce the datafication of children as well as make other entities that interact with their children aware of the threats.
- Encourage schools to teach Internet safety and privacy. If educators and their administrators are going to utilize EdTech, they should also make time to teach students about the dangers of giving over private information. In the U.K., internet safety was made a mandatory part of the school curriculum in 2014, and it’s time for the U.S. to step up.
- Demand that schools are transparent about the data collected by their technology and ask for parental approval before letting children sign in to machines and apps, as well as give guardians the opportunity to opt their children out of the use of this technology if they feel it’s not protecting their privacy.
- Make your friends into fellow advocates so that questions about privacy are expected. Encourage them to ask about data collection in schools and medical facilities so they understand who is collecting data, how it’s being used, who it’s being shared with, how it’s being protected, and how it’s being aggregated. (It’s important to note that anonymizing data is no longer enough since hackers are easily able to de-anonymize it.)
- Research the toys you buy for children to ensure they don’t contain unsecure voice or video recording systems. Disable those systems in toys you already own and change the default passwords of gadgets your children use (as well as your home router).
- Demand that companies who market directly to minors write terms and conditions that kids can understand.
- Encourage policymakers to enact legislation that protects children’s privacy. The Children’s Online Privacy Protection Act (COPPA) was passed in 1998 but there are loopholes that are constantly being exploited and the legislation needs to be updated to take into account new technology.
- Ask about and research the technology your children are using. You can’t use parental controls properly if you don’t understand the platform or app.
- Don’t post photos or videos online that reveal personal information about your children. Be mindful of the long-term implications of getting a few likes.
- Be clear with grandparents, friends, and babysitters as well about what they are allowed to share online about your children.
- Remember that Facebook and Instagram stories or Snapchat “snaps” seem ephemeral, but can easily be photographed, screen capped, downloaded, or recorded by bad actors.
Again, it does no good to simply be scared by this information or shut out the world completely. The best thing you can do is put more thought into what you post online about your child.