More data is collected about children growing up today than ever before — but are parents partly to blame? 

This month on the blog our focus is protecting children’s online privacy. So far we’ve looked at understanding the risks of tech in the home as well as how big tech companies might be tracking children’s online activities.

We know that the internet runs on data, and we know that a lot of that is coming from within our own homes. Our challenge is learning to recognize the risks that are inadvertently exposing children to potential cybercrime, identity theft, and more. All of this brings us back to our earlier question — are parents somehow to blame for over-sharing details about their children? 

We simply don’t know everything about how children’s data might be used – not just now, but also in the future, as children become adults. In a report entitled “Who Knows About Me?” it’s suggested that by the age of 13, parents have posted roughly 1,300 photos and videos of their children online. 

Identity Theft and the Risks of ‘Sharenting’ 

Research by global bank Barclays suggests that by 2030, information shared by parents online will lead to two-thirds of the identity theft committed against young people.

Barclays has pointed out that only three key pieces of information are required to steal someone’s identity: their name, date of birth, and address – all of which can be found on many parents’ profiles! The overwhelming majority of parents post the exciting birth news online for friends and family: certainly they share the baby’s full name and the day the baby was born; tracking down the family’s address online is incredibly easy for a cybercriminal.

Barclays has called this phenomenon “sharenting” and across social media, it has never been easier for fraudsters to gather the key pieces of information required to steal someone’s identity. 

“Careless online behavior and insufficient privacy settings can reveal key details about yourself, your friends and your family, it is vital to think before you post and regularly audit social media accounts to prevent information from falling into the hands of fraudsters,” Barclays Head of Digital Safety, Jodie Gilbert, wrote in the report.  

What Else Is to Blame? 

Where else is some of this overexposure happening? Well, it can start with internet of things (IoT) devices like Nest home automation devices or baby monitor cameras — such devices are often hacked by crooks looking to gain access to computers and financial details on a home’s wireless network. For cybercriminals, it’s easy to tap into your IoT device through your router (which is why we recommend naming it something that doesn’t give away the model of your router or personal information).

Innocent though they may seem, the risks to kids’ online privacy continues in other seemingly “protected” ways. Once you’ve packed up (or thrown out!) the WiFi baby monitor, you blink and suddenly your child is logging into a variety of EdTech platforms. 

The collective rish of EdTech means that schools collect an incredible amount of information from children, including personally identifiable information (PII); biometric data; behavioral, disciplinary, and medical information; and geolocation. The FBI has previously warned of hackers accessing student information in some school districts and said the widespread collection of student data could have privacy and safety implications if compromised or exploited.

As one example of a popular EdTech app that collects information on children and school activities, the ClassDojo app has many positives. It’s a handy and convenient way for parents and teachers to communicate and share student and classroom updates, photos, and news. What’s wrong with that, you may ask?   

For starters, the ClassDojo privacy policy is more than 12,000 words long. Although ClassDojo is certified COPPA-compliant, its data is shared with almost 30 other organizations, each of which have their own privacy policies too. How many parents — or school administrators — have taken the time to review what that means for their child’s online privacy and PII?

Buried within its privacy policy:   

“These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you, including if you view a video through an embedded video player which is played off our Service, but may appear to still be playing on our Service. The fact that we link to a website or other third-party content is not an endorsement, authorization or representation that we are affiliated with that third-party, nor is it an endorsement of their privacy or information security policies or practices. We are not responsible for the content, features, privacy and security practices and policies of any third-parties. We encourage you to learn about third-parties’ privacy and security policies before providing them with personal information.”

The quick takeaway from ClassDojo’s legal-ese is more or less this: “don’t hold us accountable to our partners’ actions; we take zero responsibility for their security practices.” 

Protecting Your Family’s Digital Footprint 

As we’ve reported before on the risks of tracking technologies, cookies and trackers are pervasive in today’s digital landscape. They collect all kinds of information about you in the background of your browsing. 

According to the Electronic Frontier Foundation, a nonprofit organization that advocates for consumer online privacy, the ecosystem as a whole is broken. It points to a third-party advertising company called MoPub, owned by Twitter, that was collecting PII from users across apps where consumers freely share their personal information (including dating and lifestyle apps). The EFF says “MoPub operates in the vast, convoluted, opaque ecosystem of personal data collection and sharing that powers modern adtech.”   

There are currently no laws that tell users what happens to their data or even simple ways to minimize what data is stored and processed. There’s not even a federal law protecting that sort of data sharing.  

While the EFF has built an opt-out tool to minimize data sharing, until there are enforceable laws in place, privacy-invasive practices will continue.

Lifestyle apps, games and educational tools, virtual learning platforms, social media, video sites, health and wellness tools, location-tracking apps — the list of family-focused apps and websites goes on and on. We recommend reviewing privacy settings on the apps you do like — and deleting the apps that aren’t bringing significant value to your life (but continue to track you or your children nonetheless). 

Our suite of privacy technologies can also help to protect you from most data-gathering culprits. The Ghostery Browser Extension is free and available for most major browsers. You could also go a step further and block trackers in your browsers and applications with Ghostery Midnight.