The PRIVO Kid’s Privacy Manifesto
National Cyber Security month is a great thing, but for parents and educators, every month has to be Cyber Security month.

By Denise Tayloe,
Co-Founder & CEO of PRIVO and Online Child Safety Expert

As we kick off National Cyber Security month, online privacy and cyber security experts in the US have geared up to educate consumers and businesses – over the course of a month – about the importance of online safety. A big part of online safety is how we manage our personal information and our privacy online. For most of us, this means wondering how much of our data the sites and apps we frequent are mining and hoping we haven’t posted any embarrassing photos on our timeline. For parents of children from toddler-age to teens, however, this means constant vigilance in making sure kids aren’t sharing personal information that will have long term impact on their identities; whether it’s in the online world or the offline world, for parents, the reality is every month needs to be child cyber security month.

The first step is to demand that reputable online sites, services, and apps serving kids and families simply comply and endeavor to improve upon to go beyond what US privacy laws like the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA) require. The second demand is to try and educate parents and educators about these laws and best practices. A critical point impacting children’s privacy is the fact that online services are being brought into the classroom that are not strictly for educational and classroom use only. The issue is that educators do not have the authority under COPPA to grant consent on behalf of parents to online services that have extended use outside of the classroom. In situations where educators may have the right to grant parental consent certain requirements must be met. For instance, privacy practices and notices be available to parents, understood by the school, and parental access to the child’s information being collected be provided.

In working to support the White House’s National Strategy for Trusted Identity in Cyberspace (NSTIC) initiative, PRIVO has developed the Kid’s Privacy Manifesto, a set of online privacy best practices that parents should expect and even demand from online service providers. The key tenets are that:

Online service providers MUST:
  1. Protect kid’s online identities as if they were protecting their own kids’ online identities
    Kids are especially vulnerable: their identities are not to be exposed, their information is not to be sold or traded, and their photos, voices, and writing must not be made available without a parent’s fully informed consent.
  2. Collect and share no more information than they need to provide a service
    How much information is enough? Usually it’s a non-personal display name and an email address for password reset, but maybe a bit more if it’s an interactive service. Under no circumstances, however, should kids be tracked as they surf the Web.
  3. Provide parents with a clear and easy-to-understand explanation of all their privacy practices
    Parents are the last line of defense for a kid, and we need to do all we can to make them successful. That means privacy policies and parental consent mechanisms that are in plain language that’s both easy to understand and completely comprehensive.
  4. Exceed what’s expected of them from bare compliance with the law
    COPPA may be the strongest online child privacy law anywhere on the global Internet, but online service providers can do better. No matter how little information is being collected, parents should be given notice as to the site’s practices, the ability to consent to those practices, and the ability to opt-out of those practices when they change. In addition, verifying parental identity when getting that consent should consist of more than just a return email from a child initiated registration.
  5. Support solid online safety education for all kids
    Good online safety curriculum teaches kids which pieces of information are important to keep private, how to understand the difference between trusted and untrusted sites, apps and games, knowing the importance of creating strong passwords and keeping them private, learning what social media is and how to use it responsibly, the implications of sharing selfies with others, and how to handle cyberbullies without becoming a cyberbully themselves.

While there are many dangers our kids face every day on the Internet, we owe it to them to take the right steps to proactively protect them and make their online experience as enjoyable – and safe – as possible.

To learn more about National Cyber Security Month go to https://www.staysafeonline.org/ncsam.