“Small earthquake in Chile. Not many hurt. ”

 

If you sign up to a journalism school in the UK you will be shown the above headline, probably in the first week. It will then be explained to you that it is a classic example of the kind of story which really deserves, and normally gets, precious little media attention. As an intro it completely fails to grab you. It says nothing terribly exciting or interesting happened, read something else instead.

Of course one should not judge the importance or worth of something by column inches and headlines alone. Apart from anything else the timing of an event can have a critical effect on its potential to attract journalists. If you had discovered a guaranteed cure for all forms of cancer and scheduled your press conference for 15th April, 1912, you would still have had a hard time getting a look in. News that the Titanic  sank the previous night was filtering through. But generally these days if something is interesting it will get picked up somewhere by someone. Eventually.

Now let’s turn to the long awaited final report of the US Federal Trade Commission’s investigation into the operation of the Children’s Online Privacy Protection Act, 1998, (COPPA). Nobody held the front page, although to be fair it did register in a very minor key in a couple of nooks and crannies of cyberworld.

In the beginning

COPPA was originally passed back in the 20th Century to try to keep online advertising and associated unscrupulous commercial practices away from children below the age of 13. From the moment its provisions were implemented in April 2000 parents needed to give express, verifiable consent to their offspring’s contact information being gathered for these purposes. That was it. That’s what privacy meant back in the day. Today when the word privacy is mentioned, yes it still includes that stuff but entirely by osmosis COPPA has seemingly turned into a benchmark and a debating point for a whole lot of other issues.

COPPA has transformed itself into something else

Essentially COPPA now means that at 13 you are judged not only to be competent to decide entirely by yourself whether or not you want to be exposed to online ads and which companies can have your contact details, but also you are held to have sufficient wisdom to know what to reveal on a personal profile that you can choose to make available to just about anyone.

How did this happen? Where was that shift discussed? Where is the link, the crossover or the obvious connection between the two ideas? Some people may feel, intuitively, that 13 is right for both, but intuition is a funny old thing. In the UK many people feel, intuitively, that 16 is a better starting point for ads, a view implicitly supported by recommendation nine of the Bailey Review.

The FTC made clear that they had no intention of getting into a discussion about raising the age limit from 13 to any alternative chronological punctuation mark and, in a sense, I sympathise. With no research to support any other age and no mechanism to check or enforce it anyway even if there was, what’s the point? The FTC also spoke about the potential knock on effects of raising the age limit, for example in terms of perhaps limiting older children’s constitutional rights to access information entirely of their own volition. An excellent point but was it fully explored and argued? Were all of the right actors and players around the table?

I’m left with a feeling that policy is being made in a curious way. What was meant to be a discussion about how to protect children and young people became, instead, a discussion about the limits of what we could do to protect children and young people. And those limits were not connected to the position of the child or the young person. They were linked to concerns about the undesirability, maybe the unconstitutionality of impinging on the rights of others. Hmmm.

Has the internet created a class of absolute rights?

I have heard it stated baldly and in terms that, in relation to the internet, there is now a class of rights which adults hold and enjoy that under no circumstances should ever be abridged, restrained or balanced by any considerations of any kind about anything else, including a concern about children’s safety. This flies in the face of an established principle of law recognised in very many countries which says, where there is an unavoidable conflict, that the rights of children should be given pre-eminence on matters to do with their personal safety and development.

Bear in mind very often when we look at apparent conflicts between the rights of children to be protected from, say, pornography or alcohol, and the rights of adults to have either or both, in truth there isn’t a real conflict at all. No one I know says pornography and alcohol should not exist, neither have they said that adults should never be allowed to consume them, even simultaneously if they wish! What is said is that adults can reasonably be expected to put up with minor degrees of inconvenience, be required to negotiate one or two hurdles, simply to ensure that children are not unjustifiably or illegally exposed.

If the debate on COPPA was going to be about the rights of children versus the rights of adults or anyone else might it not have been better to bill it that way expressly and engage with, reach out to, a wider set of interest groups? As far as I can see the discussion at and around the FTC processes was dominated by the usual suspects: large, rich high tech companies, industry lobbies and their proxies.

I appreciate that this is a complex and difficult issue but that is not a reason for running away from it or allowing it to go by default to the loudest voices, the biggest muscles, the deepest pockets and the best connections.

Leave us alone. Preferably forever

In all its fundamentals a deeply flawed system has been left more or less intact by the COPPA Review. Searching or challenging solutions or options are eschewed. We are going to get more of the same old same old from the Leave Things Exactly As They Are Brigade.

In an industry that glorifies the new and the novel it is curious how there are some new things people will fight hard to avoid or don’t want to try, not even once. So, in the name of education and empowerment, we are going to be fed a diet of yet more funky videos, more web pages. All good stuff. I am completely in favour of them. You can probably never do too much on the education and awareness front and it is vital that we keep the messages fresh and interesting. Education and empowerment are incredibly important but pardon me for observing that they cost the industry the least, put them to the smallest amount of trouble and, well, as I said, this leaves things more or less exactly as they are.

The unknown unknowns and the unknowable

Then there’s that other peculiar argument which says it is important not to create any new rules because there is a chance they might constrain future technological developments. Think about that for a minute. Businesses say

Don’t tie us down with new rules because if you do, it might make it harder for us to do things in the future that we haven’t thought about yet.

In an odd way this has echoes of bits of the anti-science lobby. The anti-science people want lots of rules to halt certain kinds of investigations. As far as I can tell this is because there is a worry that the researchers might find something which offends or challenges the antis’ religious or other beliefs. If you don’t share those beliefs that’s simply your hard luck. The internet guys want no rules so they can do anything that might catch their fancy.

Both positions make no sense. Public policy has to be based on reasonable interpretations of the current state of knowledge. It cannot all be left to hang on invisible contingencies. That’s more reminiscent of voodoo and Donald Rumsfeld.

No incentive to do anything

In 1998 when the law was passed, and in 2000 when it was implemented, the term social networking site had yet to be coined. When social networking sites finally arrived on the scene all of the ones that were not expressly aimed at young children adopted 13 as the baseline for membership simply in order to avoid having to get entangled with what they thought would be the messy, expensive, time-consuming and off-putting business of obtaining parental consent for anyone younger. They took the line of least resistance, the fastest route to a buck blessed, as they were, with a perfect alibi.

Get out of jail free

COPPA handed everyone a Get Out of Jail Free card. As long as the company had no actual knowledge that a person was under 13 they had no liability. The review decided no change was needed to this aspect of the rule. In one bound sites are given no incentive at all to try to find out a user’s real age. This has had a chilling effect on innovation, and most emphatically not in a good way.

If no such lassitude had been allowed, companies would have had a major motivation to come up with a solution. Maybe that would have slowed down the pace of development somewhat, who can say? It is academic now, but equally we might not be in the situation we are in now where the rule is honoured almost as much in the breach as in the observance. Children and young people are shown how easy it is to get what you want by telling lies, parents are encouraged to become co-conspirators in subverting and evading the rule.

Can this really be a sound basis for public policy, for encouraging children and their parents to trust the integrity of rule-makers and the companies that stand behind them? I don’t think so. On the contrary this posture will tend to lower both the industry and the rule makers in the esteem of children and their parents. It will help spread cynicism.

Let’s not forget: there are lots of successful social networking sites around the world without any age limits or restrictions. It is not pre-ordained that 13 should be a beginning or an end for anything. Moreover, as I’ve already indicated, Facebook and others could perfectly properly and lawfully have sub-13s on their site now. All they would need to do is obtain verifiable parental consent. They choose not to do that. They could make a different choice.

And the results

Professor Sonia Livingstone of the LSE and others have documented the results of the current mess. The EU Kids Online study reveals that, at the time of writing, 20% of all 9-12 year olds in Europe who use the internet are also using Facebook. Facebook specifies 13 as its minimum age. In some individual countries the proportion of 9-12 year olds on Facebook is way above the average for the continent e.g. 53% in Cyprus, 48% in Slovenia, 46% in the Czech Republic and 34% in the UK.

9% of 9-12 year old children in the UK on Facebook say they have set their profiles to adult. Thus all of the default safety settings which apply if you declare your age to be sub-18 are simply not there. Mind you the CEO and Founder of Facebook, Mark Zuckerberg, made clear at one point that he thought the COPPA restrictions on sub-13s are unwarranted anyway. He said he wanted to overturn the COPPA rule although he does seem to have rowed back from that a bit lately.

Nothing in the FTC’s report is likely to change the numbers shown above. The FTC has expressly not endorsed the idea of age verification. Here they have reached a different conclusion from the UK’s Bailey Review which said, plainly, if you prescribe an age qualification of any kind which is linked to the provision of an online service then you should also demonstrate that you have a mechanism for ensuring it is honoured.

No interest in changing the status quo

It beggars belief that some of the slickest, richest, cleverest companies on the planet cannot solve this problem. I am driven to conclude they simply don’t want to. There’s no money in it. It’s not going to bring in extra revenues, indeed it might have a negative impact on revenues.

On the other hand it could be slightly worse than that. Is it possible that the social networking sites know perfectly well that the current regime is not sustainable but they’ve simply decided to drag it out for as long as they can? If you can’t beat it delay it. A dollar you need to spend five years from now is a lot cheaper than a dollar you need to spend today and who knows where we will be in five years anyway?

And now some good news

When the FTC last looked at the operation of the COPPA rule, in 2005, they made no recommendations for change of any kind. This time, for all that some key pillars are left undisturbed, several recommendations for change have been made and they are definitely good ones that should be welcomed. Here is the relevent paragraph

The FTC proposes updating the definition of “personal information” to include geolocation information and certain types of persistent identifiers used for functions other than the website’s internal operations, such as tracking cookies used for behavioral advertising. In addition, the Commission proposes modifying the definition of “collection” so operators may allow children to participate in interactive communities, without parental consent, so long as the operators take reasonable measures to delete all or virtually all children’s personal information before it is made public.

It is also now clear that all mobile apps and mobiles generally are covered. Then there are various provisions which may result in more just in time prompts being given as different types of information are being sought. The number of parental consent mechanisms are being expanded, and the email plus system is being struck off. It is no longer considered an acceptable way of obtaining parental consent. The rest are to do with the Safe Harbor provisions and security issues. All good stuff.

Short of some unimaginable and unwanted calamity, such as would galvanise US public opinion, my gut feeling is the issue of age related services being provided free to the end user, paid for by advertising, will continue to meander along in a desultory way. I am pretty sure the same will not be true for other jurisdictions. Keep your eyes on London and Brussels.

Everybody acknowledges that this isn’t an easy problem to solve. It could raise issues which touch and concern everybody’s human rights, but equally there are ways of approaching it that need not. Instead of searching out alibis for inaction somebody should be looking for a white horse.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Advertising, Age verification, Consent, Default settings, E-commerce, Facebook, Location, Privacy, Self-regulation. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s