Today the BBC has reported that TikTok has been fine 186 million won by the Korean Communications Commission for the mishandling of children’s data who are under the age of 14 because TikTok collected data from children without parental consent (BBC, 2020). The standard protocol of companies and governments has been and will continue to be that the parent or guardian will control the private data of their children. But what about when parents release details about their child?
While parents control their child’s data, adults should be educated about the potential repercussions of posting sensitive details about their child and how it can affect their future. Parents should also retain control of the privacy of children but, the child’s decisions have shown to be equally relevant in some scenarios as is shown in pre and post-digital era governance.
In the United States of America and correspondingly in other western nations there is governance which has previously, explored similar ethical issues regarding the release of sensitive details of a minor. Two USA based legislations that explore this include HIPAA (The Health Insurance Portability and Accountability Act of 1996), COPPA (The Children’s Online Privacy Protection Act of 1998), and the European Unions Right to Erasure under GDPR (General Data Protection Regulation of 2016/679).
When exploring HIPAA; the act recognizes that Parents including guardians have the right to make health care decisions for them. As such they and the child generally have access to their children’s protected health information and can release said info as needed. Some exceptions to this include when the minor consents to care and consent is not required by a parent under state or other law when the minor obtains consent by a court, and when the minor obtains permission from the parent for a confidential relationship with the provider (Office for Civil Rights Headquarters, 2002).
With COPPA, the act recognizes the parent’s right to access and put parents in control of their children’s information to review, gain access to, consent to, or remove said information for children under 13 (Federal Trade Commission, 2015). It is accepted that access and consent to information by a parent or guardian is granted under US governance in most circumstances. This includes the release of information and could be extended by virtue into posting photos, information, etc.
However, when we look at HIPAA the individual can make informed decisions about their privacy should it reduce harm to that individual. This is something that should be taken widely into consideration of privacy decisions with technology as well.
In the event of which public information is disclosed which can harm an individual, it should be ultimately up to said individual to have a larger say in the right of removal or right of erasure. This very topic is implemented in the EU whereby both adults and children can request in most circumstances the removal of information (International Commissioner’s Office, N.D.). For example, someone who is no longer a child or someone who can competently exercise their own rights can request the erasure of data. Or have their voice taken into consideration even if they are a child for the consent of collection of data.
While there are certainly benefits and downfalls to each option, a blend of policy from HIPAA, COPPA, and Right to Erasure will enable the implementation of ethical policies that take into consideration contemporary technological capability and context. My proposal is this: Parents or Guardians must be made aware of and educated through the platform around the privacy and outcomes of supplying information about children.
In each instance of a data release request, the platform should identify through a combination of AI learning and algorithmic that a child’s data is about to be made public. A unified easy to read education structure will then educate the user on who can see the information, who has access, and who can control the information. At which point individuals can make a consented choice in the release of a data request as to whether they would like to continue or go back without releasing data.
Should the individual request for the erasure of data about themself it should be upheld in most scenarios.
Ultimately the governance in multiple countries states that a parent should retain the accessibility of data for their children. Easier communication of how the data is used should be implemented by business and government to make better-informed decisions by parents while adhering to the individual’s choices as well. We can educate consumers about scams when transferring money, or their dietary needs on the packaging. Why should data privacy controls remain in its infancy due to it being put on the back burner?
- BBC. (2020, July 15). TikTok fined for mishandling child data in South Korea. Retrieved July 21, 2020, from https://www.bbc.co.uk/news/technology-53418077
- Federal Trade Commission. (2015, March). Complying with COPPA: Frequently Asked Questions. Retrieved July 21, 2020, from https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions
- Office for Civil Rights Headquarters. (2002, December 19). 227-Does the HIPAA Privacy Rule allow parents the right to see their children’s medical records. Retrieved July 21, 2020, from https://www.hhs.gov/hipaa/for-professionals/faq/227/can-i-access-medical-record-if-i-have-power-of-attorney/index.html
- International Commissioner’s Office. (n.d.). How does the right to erasure apply to children? Retrieved July 21, 2020, from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/children-and-the-gdpr/how-does-the-right-to-erasure-apply-to-children/