Efforts Aim to Protect Kids’ Online Privacy
When protecting kids from online predators, you shouldn’t worry only about pedophiles, pornographers, creeps and criminals. You also need to protect children against legitimate businesses that are out to invade kids’ privacy.
One way they do this is by getting them to disclose information that might be used to manipulate them in the marketplace.
While the risk of having your child’s name in a marketing database isn’t the most terrifying prospect, it’s far more widespread than the better-known threats to children, and it can have disturbing long-term implications.
“Misuse of information about your kids could have an impact on their behavior and development,” says Katherine Montgomery, president of the Washington-based Center for Media Education. “It’s no longer just an issue of the child’s name being in a marketing database. There are now sophisticated applications that can manipulate your kids by targeting advertising or even editorial content directly to them.”
Montgomery, along with representatives of other advocacy groups and the online industry, participated in a “rule-making workshop” last week held by the Federal Trade Commission to help implement the Children’s Online Privacy Protection Act of 1998.
The law, which goes into effect in April 2000, requires Web sites to obtain parental consent before they collect any information from children under 13. The law also gives parents certain rights to prevent the further use of data that’s already been collected, including the right to review the data. If a child needs to enter information to play a game or participate in an activity, it limits the collection of information to what is “reasonably necessary.”
Although the bill doesn’t define “reasonably necessary,” one would think that would include only information that is required for the activity. It might be necessary to supply an e-mail address or perhaps an approximate age, but it isn’t necessary for a child to fill out a product preference survey or inform the site about the ages and genders of fellow family members.
KidsCom, for example, has a registration area that requires kids to enter their full names and e-mail addresses if they want to participate in chat and other interactive activities. The text warns kids not to give out personal information without parents’ permission and says that the site doesn’t “rent or sell your information to anyone.”
But it also asks kids the number of people in their family, their favorite TV show, favorite musical group and, gasp, favorite commercial, along with lots of other questions including what profession they plan to go into in the future and the full name of the “kid who told you about KidsCom.”
The issue of kids’ privacy came to light in May 1998, when the FTC said it found that 85% of the 1,400 sites it had surveyed collected some type of personal information, but only 14% of those sites posted a privacy policy that disclosed what the company might do with the information.
*
Without a privacy policy, the consumer is at the mercy of the Web site operator, who could use the data to try to sell you something later or barter, sell or otherwise disclose personal information to a third party.
Technology exists to facilitate the collation of data from a variety of sources to create rather detailed profiles of individual users.
Web sites that cater to children, according to the FTC study, were about as bad when it came to privacy. Some 89% of sites aimed at children collected personal information, only 24% of those had a privacy policy, and only 1% of those sites obtained parental consent before collecting information from children.
There are signs that things are getting better, but those signs come from studies funded by the online industry. One study, conducted at Georgetown University and funded by America Online, American Express, the Direct Marketing Assn. and other companies and trade associations, concluded that 66% of the Web sites surveyed (a sampling of the 7,500 most heavily trafficked sites) now post a privacy policy.
Another study, conducted by the Online Privacy Alliance, an industry coalition, showed that “94% of the top 100 Web sites had posted at least one type of privacy disclosure, up from 71% last year,” according to an FTC report that cited it. Neither study provided specific information about sites that cater to children.
The Center for Media Education, however, recently completed two studies of children’s Web sites that reached different conclusions. One survey looked at the 80 most popular children’s commercial sites and found that 88% collect personal information and that 26% of those sites do not post any privacy policy. About 74% of the collecting sites don’t require parental consent before a child provides information, according to the CME.
Another CME study looked at a “random sample” of 71 children’s sites and found that 95% collect personal information from children but that 73% do not post a privacy policy.
Only about 6%, according to the group, “attempt to get any permission from parents.”
*
I can’t vouch for any of these surveys, but I recently reviewed the kids’ sites that I link to from my own child safety site (https://www.safekids.com) and was surprised to find that many of them--including some very well-respected businesses and nonprofit organizations--still don’t have a privacy policy linked from their home page. To be fair, some of these sites don’t go out of their way to collect personal information, but most have at least an e-mail link that makes it possible for kids to send them information.
I hadn’t given much thought to this issue when I developed the list last year, but from now on I’m not going to list new sites unless they post such a policy. In that, I’m joining Microsoft, IBM and Walt Disney, which have all announced they will not accept or buy ads from Web sites that don’t post a privacy policy.
Checking to see if a site has a privacy policy is just a start. What’s really important is what the policy says and whether the company adheres to it. I would never reveal any information to a Web site unless I’ve at least scanned the privacy policy so I have a clue to what the site might do with it.
I’ve also instructed my children not to provide personal information to any Web site without first checking with Mom or Dad. My kids are smart, but, frankly, it’s hard enough for me to understand most of these privacy policies, assuming they exist in the first place. Besides, it’s part of our parental responsibility to control how information about our kids is disclosed.
Although the Children’s Online Privacy Protection Act of 1998 provides some relief for children under 13, it does nothing to address the privacy needs of teenagers, who are prime targets of advertisers and marketers.
With or without government regulation, it’s up to parents, kids and teens to guard their privacy and be careful about the information they give out. The opportunity to win a prize or play a game may bring momentary pleasure, but databases, like diamonds, are forever.
*
Lawrence J. Magid can be heard at 1:48 p.m. weekdays on KNX-AM (1070). He can be reached at larry.magid@latimes.com. His Web page is at https://www.larrysworld.com. On AOL, use keyword “LarryMagid.”
