One year after the FTC gave the Children’s Online Privacy Protection Act (COPPA) regulatory teeth, many companies remain myopically focused on the law—at the expense of genuinely robust privacy protections for children. Real privacy protection occurs when a company genuinely cares about children’s rights and bases important decisions on privacy considerations as it architects its products and conducts its business.
It’s easy to say you care about privacy, but it’s much harder to walk the walk.
The Penalties of Focusing Solely on the Law
Granted, at a fine of $16,000 per downloaded app that violates COPPA, paying close attention to the law is a worthy pursuit. But following COPPA is not a sufficient condition for protecting children's privacy.
Consider a statute making murder illegal. It sets an absolute minimum standard for conduct among citizens subject to the law, but simply abstaining from the act of murder is not a sufficient condition for being a good citizen. Good citizens do all kinds of things in addition to abstaining from this heinous crime - they vote, volunteer in their communities, and advocate for those less fortunate than themselves.
The list can go on and on, and that’s the point - not breaking this particular law is a necessary, but not a sufficient condition of good citizenship.
The Rush for Mobile Market Share
The mobile ad market is poised to grow 70% to $31.5B this year, according to eMarketer. In the race to capture a slice of this market, it’s easy to be short-sighted and focus only on adhering to COPPA’s regulations. As the children’s media market grows more crowded and as laws evolve, however, the most successful companies will have the vision to go beyond COPPA and think through privacy questions that will best protect our youngest, most vulnerable economic actors - children.
Businesses that are serious about cultivating the trust and loyalty of discerning consumers and families need to be able to clearly articulate what consumer interests they are striving to protect and how precisely they are protecting those interests.
A Tale of Two Privacies
When creating a family app, it is crucial to draw the distinction between two different kinds of privacy - descriptive and normative.
Descriptive privacy refers to the creation of a space where one’s actions are unobservable by others as a matter of fact. For example, I enjoy privacy in the descriptive sense when I sit in my home with the curtains drawn.
Last year Google introduced a feature to its Chrome web browser called ‘incognito mode’ which prevents pageviews from appearing in browser or search histories and blocks cookies which may allow a user’s activities to become known to others. A user of this feature enjoys descriptive privacy insofar as subsequent users of the same computer cannot observe the first user’s behavior.
The normative use of ‘privacy’ also involves the creation of a private space, but the salient difference between descriptive and normative ‘privacy’ is the way the private space is created. The former is created by a barrier that prevents observation in fact. The latter is created through the use of social barriers – for example, asking an uninvited guest to leave a party.
So, the first question companies must ask themselves is: What kind of private space are we attempting to create?
Descriptive privacy enables the creation of a sandboxed environment that would allow children to play free from observation by others. When you make software for families though, it’s important to allow parents to shape that private space the way they think is best.
Therefore, businesses should provide settings that create normative privacy, giving parents the tools to declare that certain activities, e.g. accessing the internet or social media, are or are not allowed, in the same way a parent can ask a stranger to leave a child’s birthday party.
Who Are You Really Looking Out For?
Everyone thinks it’s important to protect children’s privacy, but simply saying ‘we should protect children’s privacy’ isn’t a very useful guide when developing software or making business decisions.
With most questions of privacy, the controversy is not whether privacy should be protected, but whether we should protect some other interest by making it private. These interests could include anonymity, the preservation of innocence, or an interest in not constraining a child’s future life decisions because they were able to make an imprudent, indelible disclosure on social media. These interests should be the driving force behind the features in a company’s platform.
It’s easy to say that it’s important to protect a child’s privacy, but it’s another, much harder task to articulate what precisely it is that we’re protecting. COPPA can compel a company to do the bare minimum, but it can’t compel you to do the extra work required to carefully shape your product in ways that provide privacy.
Thinking Beyond COPPA
COPPA compliance alone does not make a company a good citizen of the Internet community. The most meaningful privacy protections and innovations will come from within the walls of companies that take their role as stewards of children’s information seriously.
When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…
TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…
Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…
The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…
TMC announced the launch of The New Intelligence conference and expo - The Event Powering the AI Revolution. This exciting new event will take place o…