Google Buzz & kids' privacy

Because Buzz is brand-new and a hybrid of Gmail, micro-blogging, cellphone social mapping, and social networking, we're all at the early stages of figuring out its implications for kids – a lot of whom use Gmail. Yesterday Charlene Li, a mom and well-known social-media-industry analyst, blogged that she had discovered her 9-year-old daughter was using and really enjoying Buzz. Using it from her computer (people can also use Buzz on Apple iPhones and Google Android phones), the child had had one conversation on it with her friends. The problem was that the kids didn't know their conversation was public. Li wrote that "the easiest thing to do as a parent is to simply disable Buzz, meaning that the Google profile and all followers are deleted – permanently" (go to the bottom of your child's Gmail page and click "turn off Buzz," which will take you to where you can disable it). But because Li's daughter enjoyed Buzz so much, she seems open to "managing groups, privacy settings, etc." so her child can continue using the service. "We’ll give it a try," she writes, "but unless her friends also keep the conversation private, it will all be for naught." Ensuring that with all the other kids and their parents could be quite a project. Privacy is now a collective effort – by users too, not just providers (see "Collaborative reputation protection").

Last summer Google agreed, in response to a complaint by one of the FTC's "safe harbors" (organizations that help it enforce the Children's Online Privacy Protection Act, or COPPA), to require a birth date at registration to Gmail and, if a user indicates he or she is under 13, a session cookie to block the user from re-registering with an earlier birthdate. That's a start, but what this issue points to is the impact on children's privacy of combining social-media products within companies and connecting them across networks such as Facebook Connect. Perhaps the FTC's forthcoming review of COPPA rules and enforcement will address this emerging issue. But we feel the brilliant software engineers and project managers who develop these products need to wear their parent hats more, companies need to be thinking through children's privacy from the earliest developmental stages, and industry best practices need special sections or clauses addressing child privacy and safety. [See also "Google Buzz isn't exactly humming along" in the Wall Street Journal; "Does Google Buzz violate COPPA?" by Marquette University law Prof. Bruce Boyden (the jury's still out, he indicates); and my post at Buzz's launch, "Major buzz about Buzz, but not about its safety."]

COPPA 2.0 isn't kids' privacy 2.0

Remember COPPA, the Children's Online Privacy Protection Act of 1998? It was designed to protect the privacy of children under 13. According to Berin Szoka and Adam Thierer, who just completed a paper for policymakers on current efforts to change COPPA, "the law was intended primarily to 'enhance parental involvement in a child’s online activities' as a means of protecting the online privacy and safety of children." What's happening is, lawmakers in five or six states are considering extending COPPA's requirement for obtaining verifiable consent from parents of under-13s to parents of all minors, as Thierer explained in an audio interview at CNET with ConnectSafely co-director Larry Magid. There are significant potential problems with that, Thierer suggests, not least of which is that a law intended to protect children's privacy could, with such revision, actually put it at greater risk. Under-13s and people 13-17 are very different developmentally, so there is also the important question of whether it's appropriate or even constitutionally sound to require verifiable parental consent from everyone up to the age of 18 to be allowed to register in any site with social-networking functionality? Do check out the CNET interview for more on this.

Google-brand social mapping

Google just launched its version of social-mapping called "Latitude." It reportedly works on a lot of phones, not just Google's own Android, and people get the little app by going to Google's page on the subject, typing their mobile numbers into the box and getting a text message from Google with a download link in it, ComputerWorld reports. "The idea is you install Latitude on your cell phone and invite your geeky friends to do the same. Then they can see exactly where you are on a Google Map on their phone or the Web, and you can see them. Feel like hiding from the world? Tweak the privacy settings and you disappear. Or you can just X out certain friends when you're no longer feeling so friendly toward them." So if it sounds a little invasive, good, that means you'll work through the privacy features (and help your kids do the same). In fact, it's so easy to get that you might want to talk with your early adopters right up front about privacy features and why they're important. Latitude is not new, though. Three-year-old Loopt, also in Mountainview, Calif., is a pioneer in the social-mapping space, and particularly in user safety and privacy. Coverage in Forbes and CNET too.

Britain's 'child protection database'

This is what some in the UK call "child protection"? The BBC reports that "a child protection database" containing "the name, address, parents' contact details, date of birth, school, and doctor of every child in England" is being established "to improve information-sharing between professionals working with children." It will be accessible to 390,000 people described in the article as "local authorities, police, health services, and children's charities." Parents will not be allowed to remove their children's information from the database, the BBC adds. Children's Minister Baroness Morgan said "there will be provision for 'shielding' the details of young people facing risk if they were identified," the BBC reports. It says Conservatives attacked the £224m ($315.5 million) database as "another expensive data disaster waiting to happen," leading one to wonder if anyone remembers that UK database security breach in 2007 that jeopardized the personal information of "virtually every child in Britain" (see my item on this). [Thanks to QuickLinks for pointing this news out.]