Congress has made it clear that protecting children online is a priority for 2024. And while scheduling blockbuster hearings, hosting panels, and litigating in the press can help draw attention to a pervasive issue that demands a resolution, many of the proposed legislative solutions fail to actually keep kids safe online.
Bills like STOP CSAM, KOSA, EARN It, etc., while valiant in their intentions, miss the bigger picture. Kids are safest from exploitation when online platforms are not forced to collect their personally identifiable information and other data. Requiring every online platform kids could access - whether social media sites, news publications, or online stores - to take inventory of birth dates, drivers licenses, etc. puts our kids’ (and adults) most private information in the hands of just about anyone who hosts a website on the internet, raising the risks of all too common data breaches and identity theft.
Legislation like this also has the very real potential to backfire. Allowing the government to subjectively restrict access to news media and other information, or limit free speech online, raises significant constitutional and civil liberty issues.
However, just because the bills currently in front of federal - and some state - legislators are problematic does not negate the opportunity or potential for real solutions that marry the protection of data with the safety of kids navigating an increasingly online world. Before any piece of online safety legislation moves forward, policymakers should consider the following criteria as core guidelines.
First and foremost, companies should minimize the collection, use, and retention of children’s data. Only collecting and using the necessary information instead of forced collection of sensitive information will lead to more privacy protections not less. Data minimization is especially important for processing children’s data because children are generally more trusting and less aware of the risks related to sharing personal information.
Second, any piece of online safety legislation should require companies to maintain robust security safeguards for users, including children, that are appropriate to the level of sensitivity of the personal information collected, used, or shared. Security safeguards are a fundamental principle of privacy protection. The safeguards should incorporate protections against such risks as loss, or unauthorized access, destruction, use, modification, or disclosure of data. It should also include precautions against the deliberate abuse or misuse of information, and facilitate the detection of any violation of the security system.
Third, easy-to-use and easy-to-access tools that empower users to customize privacy protections and exercise rights over their own data should become industry standard. Instead of putting bureaucrats in charge of deciding what content families can and cannot access, companies should provide tools and be transparent about their privacy practices providing users concise, prominent, accessible privacy policies that use clear and plain language.
Fourth, it is also critical that policymakers recognize the need to help educate children and parents about safe online practices. Just as we teach children to look both ways before crossing the street, we also need to teach them to think about managing personal information they choose to share or not share online. Funding for digital citizenship programs and other educational opportunities for families, educators, and the general public could go a long way in supporting a holistic approach towards protecting the privacy of America’s children.
To accomplish all of these goals, policymakers can adopt strong rules, such as a federal preemptive comprehensive privacy law, to make sure platforms remain accountable to strong rules protecting all children across the United States.
We can create a more attainable reality where kids can indeed stay both safe and connected online, it just takes the right legislative solution.
Chris Mohr is President of Software & Information Industry Association
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.