The Wall Street Journal reported last night that Facebook is “developing technology that would allow children younger than 13 years old to use the social-networking site under parental supervision, a step that could help the company tap a new pool of users for revenue but also inflame privacy concerns.”
Of course, millions of children younger than 13 are already on Facebook – some 7.5 million based on 2011 figures from Consumer Reports. And while Facebook does regularly expel underage users from the site, CEO Mark Zuckerberg has made it clear for a while now that he’s keen to find ways for them to stay there.
He’s keen now more than ever, it’s easy to surmise, what with the new, IPO-related pressures for his social network to continue to expand its userbase as well as grow its revenue. There were over 901 million users as of the end of March 2012, so clearly there are plenty of folks out there who don’t have Facebook accounts. But as The Atlantic points out, some of the fastest growth is occurring in developing countries, and these new users aren’t necessarily the most monetizable ones: “To advertisers, American children’s eyes are more valuable than adults from less affluent countries.”
Facebook and the Failure of COPPA
(Purportedly) Standing between online advertisers and children is COPPA, the Children’s Online Privacy Protection Act, which mandates that websites secure “verifiable parental consent” before collecting personal information from those under age 13. Because of the paperwork and the costs associated with this – getting a signature or a credit card number, for example, from every parent – most sites that aren’t aimed at children simply forbid children from joining.
That’s been Facebook’s policy.
But clearly children have joined, lying about their age in order to create Facebook accounts. Many have done so with their parents’ permission. Many have done so with their parents’ help. Researchers danah boyd, Eszter Hargittai, Jason Schultz, and John Palfrey found that 55% of parents of 12-year-olds said their child had a Facebook account; 76% had assisted them in creating the account. Parents' willingness to violate age restrictions is just one of the unintended consequences of COPPA:
The online industry’s response to COPPA’s under–13 rule and verifiable parental consent model is largely proving incompatible, and at times, antithetical to many parents’ ideas of how to help their children navigate the online world. Instead of providing more tools to help parents and their children make informed choices, industry responses to COPPA have neglected parental preferences and have altogether restricted what is available for children to access. As a result, many parents now knowingly allow or assist their children in circumventing age restrictions on general–purpose sites through lying. By creating this environment, COPPA inadvertently hampers the very population it seeks to assist and forces parents and children to forgo COPPA’s protection and take greater risks in order to get access to the educational and communication sites they want to be part of their online experiences.
boyd et al suggest that we should reframe the discussion from whom data is gathered to howdata is used. Moreoever, online privacy measures should offer everyone protection, not just children. There should be greater transparency about how companies use our data, they argue, and we should have more control over what that looks like, no matter our age or background.
That's not what Facebook is doing here -- no surprise.
A Technology Solution?
Last year at the New Schools Venture Summit, Zuckerberg said that COPPA would “be a fight we take on at some point,” and at the time, I wondered what exactly that fight would look like. Because let’s face it. Facebook has a lousy track record on privacy. It’s unlikely to be the force to usher in a practice of more corporate transparency and user control over personal data.
So what’s Facebook’s plan to accomodate both COPPA and the under–13 set? The Wall Street Journal story suggests it’s a technology solution: “Mechanisms being tested include connecting children’s accounts to their parents’ and controls that would allow parents to decide whom their kids can ‘friend’ and what applications they can use, people who have spoken with Facebook executives about the technology said. The under–13 features could enable Facebook and its partners to charge parents for games and other entertainment accessed by their children, the people said.”
Connecting parent and children accounts sounds a lot like what kid-friendly social networks likeTogetherville already do, so this is hardly a unique or untested approach. Togetherville was acquired by Disney last year but shut down earlier this year – kids want to be on Facebook, after all. (Well, maybe. There have been some recent suggestions that the “cool” place to be online is now Tumblr (which does still require you be 13 or older) or Twitter (which has no age restrictions) – not Facebook). Although it's too early to judge exactly what the Facebook "mechanisms" will look like for parental controls, it sounds as though parents may just serve as the bank account for their kids' Facebook Credits with some supervisory access over which people and which apps can connect to a child's account. How transparent will Facebook (and third-party apps and advertisers) be about children's personal information? Probably about as transparent as it is about any of our data.
But what expectations do we have for our children's privacy online? Remember, after all, most parents are willing to let their children join Facebook already. Does Facebook's move mark a change to how we'll think about COPPA? Will Facebook's move prompt a scare? Or a shrug? Is COPPA a fix? Or is it a fossil? How will Facebook’s overture to kids influence other sites, like say Google, and will they follow in its lead? (Of course they will.) Could the “verifiable parental consent” rule of COPPA be expanded to include the “verifiable identity” of Facebook or Google accounts? And what are the implications of that?