This blog post summarizes a paper about children and privacy online that will be presented at the ACM Conference on Computer-Supported Cooperative Work and Social Computing on November 7th.
Glance into a typical family living room or school classroom and you’ll probably see tablets or netbooks among the toys, books, and other objects of childhood. Children commonly go online to entertain themselves, to communicate with others, and to learn. Since these activities involve disclosing information and managing user accounts, that means children are also managing aspects of privacy and security online.
To understand more about how children conceptualize privacy online, a research team and I interviewed 26 children ages 5–11 and 23 parents from 18 families in the Washington, DC metropolitan area. We also walked through a series of hypothetical scenarios with children, which we framed as a game. For example, we asked children how they imagined another child would respond when receiving a message from an unknown person online.
We used a privacy framework known as “contextual integrity” to interpret our data. Contextual integrity sees privacy as the right to have your personal information flow appropriately — meaning that it flows in ways that align with your expectations of what information will flow to whom, and under what circumstances, in a given context. (For more on how we used the contextual integrity privacy framework in the study, see this post I wrote for Princeton’s Freedom to Tinker blog.)
The children we interviewed understood certain aspects of privacy and security. They described that some types of information (or attributes, in contextual integrity parlance), like passwords, are more sensitive than others. They also knew that it is more appropriate to share information with some types of people (or actors), like parents or teachers, more than others, like strangers.
But children ages 5–7 had gaps in their knowledge. For example, younger children did not seem to recognize that sharing information online makes it visible in different ways than sharing information face-to-face. By contrast, a few 10- and 11-year-olds explained how sites like YouTube can track what users do.
It’s understandable that children, who experience extensive cognitive, social, and emotional development between the ages of 5 and 11, would differ greatly in their conceptualizations of privacy and security. But since children are going online at younger and younger ages, might there be an opportunity to plant the seeds of good privacy and security practices early?
The children we talked to said they largely relied on their parents for support navigating unfamiliar situations online. Yet the parents we interviewed generally did not feel their children were exposed to privacy and security risks. They felt such concerns would arise when their children were older, had their own smartphones, and spent more time on social media.
We realize that parents may hesitate to see digital devices as a source of risk, given their ubiquity in everyday life. But as the lines between offline and online increasingly blur, it is important for everyone, including children, to recognize (and remember) that use of smartphones, tablets, laptops, and digital assistants can raise privacy and security concerns. The answer is not to stop using these devices, but to develop the skills to address concerns when they arise.
Compared to teenagers, younger children are often more willing to accept advice from their parents. The Federal Trade Commission and the Family Online Safety Institute provide online safety resources for parents, but we believe that parents and children would benefit from the creation of educational resources or technologies that focus on helping younger children learn about privacy and security.
Some ideas include a child-friendly ad blocker to help children learn who can “watch” them online or an app where parents and children can work together to practice relevant skills, such as creating a strong password. For more suggestions about how parents can help their kids learn about privacy online, see this article I wrote about the study for Slate.
If you have questions or comments about this study, email Priya Kumar at pkumar12 [at] umd [dot] edu.
Paper Citation: Priya Kumar, Shalmali Milind Naik, Utkarsha Ramesh Devkar, Marshini Chetty, Tamara L. Clegg, and Jessica Vitak. 2017. ‘No Telling Passcodes Out Because They’re Private’: Understanding Children’s Mental Models of Privacy and Security Online. Proc. ACM Hum.-Comput. Interact. 1, CSCW, Article 64 (December 2017), 21 pages. DOI: https://doi.org/10.1145/3134699