By Lynette T. Owens

Do a  search on the term ‘privacy legislation’ and you will see numerous links to politicians and news stories from the last few weeks.  Online privacy has suddenly become the stage for a huge battle between lawmakers, technology companies, youth and online safety advocates, advertisers, and consumers. 

Most U.S. parents probably don’t realize all of this is transpiring at both a national and state level.  Breaking down one proposed piece of legislation, SB242 from California State Senator Ellen Corbett, may help identify what is fueling all of the action and reaction and, more importantly, remind us of our role in teaching kids how to protect their online privacy.    SB242 is essentially focused on addressing customer online privacy on social networking sites.  There are three provisions in the bill that deserve a closer look.

Online services – social networking, shopping, news or music subscriptions, gaming, etc. – require you to provide personal information in order to use them.  Those services that do everything in their power to protect that information are more likely to attract and keep users/viewers.  For most online services, this is a no-brainer because the primary interaction is between you and the site.  The information you share with them – from address to age to shopping and surfing habits – could be used by the site to improve your experience with them.

But this expectation does not apply to social networking sites. These sites are most effective (to you and others) when people divulge information about themselves in order to facilitate, well, networking.  If you hope to re-connect with others who attended the same elementary school, then everyone involved needs to share that piece of information publicly.  It is no surprise, then, that Facebook, Google, and other social networking giants have voiced their opposition to SB242. 

Cynics believe that Facebook, in particular, is fighting SB242 for the sole purpose of maintaining their value to advertisers who want to target their messages to potential buyers on the site.  The more you divulge, the more they can tailor advertising to you.  Whether or not this argument is true, I do not think provision #1 of SB242, which would require all social networking sites to change the default privacy settings to only display name & city of location, will have much impact on how people use the site.  There isn’t much value to a social networking site if everyone strictly divulged  names and locations. .  Whatever the default settings are, people will share, since that is what makes these sites popular and entertaining.  I don’t think sites should feel threatened by this provision and complying with it without coercion could only benefit them in the public’s eyes.  But as a parent, I also don’t think this provision is the solution to protecting my own or my kids’ online privacy.  Once they are on it, they can still share whatever they want.  It is my responsibility to ensure they do this safely and responsibly.

I do expect that information I decide is private be kept so, and that organizations don’t share it without my permission and will take every measure to keep that information safe and secure.

Provision #2 of SB242, asks that social networking sites make their privacy settings and policies easily accessible and understood.  I agree that privacy policies (some of which run upwards of 6,000 words) and privacy settings could be more optimally presented.  But like any product or service feature, improving it should be informed by user input (market research, customer testing, etc.) because there is a lot of subjectivity to what is considered “easy to use”.   While I am not necessarily advocating this to be law, I would be ecstatic if online services of all kinds, on their own volition, would consider the data privacy wish list I put together earlier this year, specifically items #2 & 3.  Anytime I sign up for an online service or app, give me an easy to read checklist of the information you are collecting (beyond what I type in), what it is used for, and the benefits of providing that information.  Let me choose to share it or not, and change my mind later if I wish.  This is not a big stretch from what sites and apps do today, although I do see some newer technologies (see my post on the Microsoft Xbox Kinect) where this transparency is lacking.

The third part of SB242 is one that has caused a lot of consternation, partly because of its practicality, but mostly because it doesn’t address the real problem.  Regardless of the site’s policy settings, this part of the bill stipulates that if a teen willingly posts personal information publicly (such as their phone number), it is the sites’ responsibility to get involved in that teen’s poor decision and take down the content within 48 hours at the request of the teen’s parent, or else face a penalty of up to $10,000 for every incident. 

If you can verify with 100% accuracy that someone is, in fact, the parent of an online teen, this seems like a reasonable thing to include in the bill.  More importantly, if you believe that no teen ever does anything their parents do not like, then it seems feasible to comply with this part of the bill.  In the real world, however, this is an impossible task, especially if kids are not receiving any guidance on the safe and responsible use of the Internet from their parents in the first place. 

This part of the bill is not the most effective way of ensuring that kids learn to think critically about the consequences of posting certain personal information.  Offline, there is no “delete” button; if we say or do something we later regret, we live with the consequences and we learn to do differently next time.  Kids and adults should apply the same critical thinking while they are online and that can only happen through education.

After speaking with Alison Merrilees, legislative director for Senator Corbett, I believe the staff understands why there has been a strong backlash to this part of the bill and they are working on revising it so it’s more reasonable yet still preserves its intent.  While I have not experienced this personally, I believe there are many complaints that it is difficult to have your own account removed from some social networking sites, and this is something that certainly can and should be improved.

Regardless of the outcome of SB242 or any legislation currently being considered (such as the Do Not Track (FTC) and Do Not Track Kids (Markey/Barton) bills in Washington DC), we must remember as parents, we play the most important role in helping our kids maintain their online privacy and reputation.   We are the ones tasked with helping them navigate the world, online and off, deftly and responsibly.  No law and no site can ever be an understudy for that role.

For tips on how to use social networking sites safely and securely, go to: www.trendmicro.com/internetsafety

And for a great guide to using Facebook’s privacy settings from ConnectSafely, go to :  www.fbparents.org

Lynette Owens

Lynette Owens

Lynette Owens is Vice President of Global Consumer Education & Marketing at Trend Micro and Founder of the Internet Safety for Kids and Families program. With 25+ years in the tech industry, Lynette speaks and blogs regularly on how to help kids become great digital citizens. She works with communities and 1:1 school districts across the U.S. and around the world to support online safety, digital and media literacy and digital citizenship education. She is a board member of the National Association for Media Literacy Education, an advisory committee member of the Digital Wellness Lab, and serves on the advisory boards of INHOPE and U.S. Safer Internet Day.

Follow her on Twitter @lynettetowens.