What should we teach children about online privacy, and how?
As children use more online services, concern has been growing about the increasing amounts of data that they share with tech companies, as evidenced by the UK Information Commissioner’s Office’s efforts to create a code of practice that would outline age-appropriate design principles for online services likely to be accessed by children. Here, London School of Economics’s Professor Sonia Livingstone, Mariya Stoilova and Rishita Nandagiri offer insights into the problem and what can be done, based on the findings of their research into children’s data and privacy online.
Over the past year we have been talking to children, parents and educators about online data and privacy as part of our ICO-funded project Children’s data and privacy online: growing up in a digital age. We found that children are becoming aware of the commercial and institutional uses of their data and they care about their privacy.
What should we teach children about online privacy?
Children’s media literacy plays an important part in how they can understand, manage and safeguard their privacy, as accumulating research makes clear. Efforts need to be made to create a learning environment which allows children to develop not only the necessary technical skills but also a broader understanding of how media and data are created, recorded, tracked, aggregated, analysed, distributed, applied, used and commercialised. We found that children understand and consider privacy most often within the realm of interpersonal relations and the intentional sharing of data. For them, privacy revolves around managing relationships and information, often trying to navigate monitoring by adults such as family members or teachers.
This creates important gaps in children’s ability to foresee and navigate institutional and commercial aspects of privacy. Awareness of how their data are used is partial and often hard to master, certainly by the youngest (11-12) but also by the oldest children we spoke to (15-16 years old), and by their parents and teachers. After all, this requires developing an understanding of the complex data ecology and business models operating in commercial and institutional contexts. This larger understanding – of platform architectures and networked data flows and transactions – is something children are rarely taught about, whatever their age or maturity. It’s also insufficiently researched.
Who can help teach children?
Children often turn to their parents for guidance about privacy online, but parents feel ill prepared: most are confused about the ‘datafication’ mechanisms operating in the digital environment and the dangers these pose to privacy.
Teachers, similarly, find themselves trying to keep up with a fast-changing digital environment and with their students. They focus mostly on what works in everyday teaching and safeguarding. They acknowledge but are less prepared to meet the numerous challenges that online data and privacy pose for the digital literacy curriculum, as well as the need to think critically about the format of delivery and embeddedness of technologies in the learning process, and find ways to promote more engaging opportunities and positive messages.
Both parents and teachers find it hard to predict the future implications of children’s datafication or to grasp just what harms may arise. No wonder they are unsure about what actions they should take or what advice they should give to children. So, more resources are needed to support not only children but also the parents, schools and the various organisations that work with families, including with vulnerable children.
An online toolkit for children, parents and educators
The toolkit is aimed at children of secondary school age, with resources also for parents and educators. It was developed with the participation of a mix of children in school years 8 and 10 (aged 12-13 and 14-15).
We collected the best resources on online privacy that we could find, with the help of experts and practitioners. We reviewed these according to several: relevance and suitability to children, good quality, free access, no need to create an account, and no installing or downloading. The selected resources were then presented to three child juries in March 2019 where 18 children assessed each and advised on the design of our online toolkit.
Please visit www.myprivacy.uk and see what you think! We’ve included information and resources on: why privacy online is important, how online data is generated and used, children’s rights, privacy-related risks and protective strategies, where to seek support, suggestions and recommendations from children, and fun resources to watch and play.
These topics were selected based on the questions and recommendations made by children who participated in our project and they cover the areas where we found substantial knowledge gaps in our focus group discussions with children. The resources for parents and teachers are intended to help them support children’s learning about data and privacy online and to answer the questions that we know children have.
Media literacy is not the ‘silver bullet’
Educational efforts are extremely important but media literacy should not be seen as the ultimate solution to all problems. Children cannot and should not be expected to understand and manage the full complexity of the online environment. Instead, some solutions need to happen at the level of regulation and design – a demand that children, parents and teachers insist on. At present children do not have a meaningful relationship with the businesses or institutions that process their personal data. This will have to change if children’s right to privacy is to be protected.