Understanding Conceptualizations of Digital Privacy in Children
A dramatic change in 21st-century childhood is that children are interacting with technology at an earlier age and for a higher proportion of their waking hours, than ever before. This trend is driven in part by the proliferation of smartphones and tablets with intuitive, easy-to-use touchscreens, mobile apps targeted to children, voice-activated smart speakers (e.g., Amazon Echo), and Internet-connected toys (e.g., Hello Barbie).
In their interaction with such devices, children often reveal information about themselves or their family – either explicitly or through implicit data collection and tracking – without being aware of doing so. Data collection from and about children poses numerous privacy risks, ranging from targeted advertising and content manipulating children’s preferences to exposing personal information to predators. Being subject to extensive data collection from an early age may also ‘normalize’ privacy intrusions and hamper children’s ability to critically evaluate privacy risks later on. As a consequence, special privacy protections for children exist in law. The U.S. Children Online Privacy Protection Act (COPPA) and Europe’s General Data Protection Regulation (GDPR) require parental consent for children under the age of 14 (under 16 in Europe), restrict how information about children can be used, and further require privacy notices for children that explain data collection and processing to them.
To date, almost nothing is known about how children understand and conceptualize privacy risks. The study of cognitive development includes almost no prior research on digital privacy, and privacy research has been focused on teens and adults but not children. Yet such knowledge is crucial in order to appropriately manage privacy risks for children, to communicate data practices to children in ways that they can understand, and to educate children about privacy risks. This project aims to provide a deeper understanding of how children at different ages conceptualize technology-related privacy risks. Specifically, we propose to investigate:
- Children’s understanding of what information is collected through a given technology, by whom, and for what purpose;
- Children’s awareness of and reasoning about associated privacy risks;
- How children’s privacy conceptualizations (points 1 and 2) are affected by their judgments of trustworthiness (as cued by different kinds of technology, and different kinds of data recipients); and
- What communication approaches support children in understanding a technology’s data practices and privacy risks.
Research procedures will draw on established experimental methods used in the literature to assess children’s concepts.