By Caroline Knorr
If you don’t want to have the bejesus scared out of you, don’t talk to an expert on kids’ online privacy. If you knew what was really out there — online predators, identity thieves, data miners — you’d lock up the internet and throw away the key.
The truth is, an ounce of prevention is worth a pound of cure. The internet is so woven into our lives, we need to be aware of the worst-case scenarios that can strike when we’re unprepared. Below are a few of those scary things that can and do happen. But with some eyes and ears to the ground, they are totally preventable.
Your kid could be spied on. Smart toys including My Friend Cayla, Hello Barbie, and CloudPets are designed to learn and grow with your kid. Cool, right? Unfortunately, many of these toys have privacy problems. As the 2015 data breach of Vtech’s InnoTab Max uncovered, hackers specifically target kids because they offer clean credit histories and unused Social Security numbers that they can use for identity theft. These toys also collect a lot of information about your kid, and they aren’t always clear about when they do it and how they use it.
Your kid could get accused of a crime. Everyone has the right to privacy, especially in their own home. But home assistants such as Amazon Alexa, Google Home, and Mattel Aristotle are designed to butt their noses into conversations. These devices collect — and store — untold amounts of data. It’s unclear what the companies do with the extraneous “noise” they pick up. And if it’s subpoenaed, they might have to hand it over. Say your kid jokes about terrorism or something else illegal; if there’s an investigation into those activities, the companies might have to cough up the transcripts. In Arkansas, a prosecutor asked for a murder suspect’s Echo smart speaker in case its information could shed light on the crime. The suspect agreed to hand over the recordings, and Amazon was compelled to make them available.
- Protect yourself. Turn off your home assistant’s microphone when you’re not using it. You also can prune your data in your devices’ app settings, deleting stuff you don’t want to store on your phone or in the companies’ cloud servers. Or choose not to use a home assistant until the privacy regulations are ironed out.
Your kid could get hurt. With location-aware social media such as Twitter, Kik, and Facebook, kids can reveal their actual, physical locations to all their contacts — plenty of whom they don’t know personally. Imagine a selfie that’s location-tagged and says, “Bored, by myself, just hanging out looking for something fun to do.”
- Protect yourself. Turn off location sharing on your kids’ devices, both in the phone settings and in the apps they use, so their status updates and photos are not automatically tagged with their locations. Make sure your kids never tell strangers their address, their school name, where they hang out, or where they’re going to be. Teach kids to choose “no” when asked to share their locations.
Your kid could lose out on opportunities. Posting wild and crazy pics from prom ’17 paints a picture for potential admissions counselors, hiring managers, and others whom teens want to impress. They may not care that your kid partied — only that he showed poor judgment in posting compromising images.
- Protect yourself. Tell your kid not to share photos of questionable activities on the internet. If those kinds of photos do wind up online, tell your kid to ask his or her friends either to take them down or not to tag them so the photos can’t be traced back. And remember to model responsible online sharing; don’t share photos of your kid without asking permission, and share them with a limited audience — for example, only grandparents.
Your kid could be sold short. Schools are increasingly using software from third-party providers to teach, diagnose potential learning issues, and interact with students. This software includes online learning lessons, standardized tests, and 1:1 device programs. And the companies that administer the programs are typically allowed to collect, store, and sell your kids’ performance records. Wondering about all those offers for supplemental reading classes you’re receiving in the mail? Maybe your kid stumbled on her reading assessments — and marketers are trying to sell you “solutions.” Curious why Harvard isn’t trying to recruit your kid? Maybe they already decided she’s not Ivy League material based on her middle school grades. (Learn about our Student Privacy Initiative.)
- Protect yourself. If you know that your kid is going to be using third-party programs at school, find out what the software opts them into and what they can opt out of. Tell your kid to only supply required, not optional, information. If you have the time (and the stomach for it), you could read through the privacy policies of all the software your kid uses at school. Otherwise, talk to the principal about how the school vets companies’ policies. If you’re not satisfied, raise the issue with other parents (say, at the PTA meeting) to learn how your school can do more to protect student privacy.
Your kid could be limited. As schools automate procedures, they create student records with sensitive — and potentially damaging — information. Under the Family Educational Rights and Privacy Act (FERPA), schools are allowed to share certain information without getting parents’ consents. That means that an individual education plan (IEP), attendance records, a disciplinary record, prescribed medication, or even a high body mass index could be disclosed and used to unfairly disqualify your kid from opportunities, such as advanced classes, government services, or special schools.
- Protect yourself. Schools are required to send parents information on how they handle student privacy. Find out what information your school collects, how it’s stored, who gets to see it, and what future administrators are allowed to do with it. Under FERPA, you have the right to request, correct, or add an amendment to your kid’s records through your district’s educational department.
Your kid could be humiliated. Sharing fun stuff from your life with friends is fine. But oversharing is never a good idea. When kids post inappropriate material — whether it’s a sexy selfie, an explicit photo session with a friend, an overly revealing rant, or cruel comments about others — the results can be humiliating if those posts become public or shared widely.
- Protect yourself. Talk to your kids about keeping private things private, considering how far information can travel and how long it can last, and how they can talk to their friends about respecting one another’s personal privacy.
Your kid’s data could wind up in the wrong hands. The Cambridge Analytica scandal that involved scraping information from people’s profiles on Facebook proves that you can never be sure how companies are protecting your data, who they’re sharing it with, and what information they’re giving to third parties.
- Protect yourself. When you sign up for a social media account, only provide the basic information needed to set up your profile. Services such as Facebook ask for a lot of information, but often it’s not required to register. When you use third-party apps, such as a downloadable quiz on Facebook, review the information the app says it’s taking from your profile. If it’s over-reaching, for example taking data it doesn’t really need or taking your friend’s data, just say no.