A look at child privacy from Michelle Horton
News and information from the Advent IM team.
News and information from the Advent IM team.
Thank you to Advent IM Security Consultant, Michelle Horton for this post.
A recent headline in the news has caught my attention, “Amazon may be recording kids without consent”. Chapters 3 and 8 of GDPR explain that children have the same rights as adults over personal data and may exercise their rights on their own as long as they are competent to do so (Scotland state this is any child over the age of 12 unless the contrary is proved).
Whilst I appreciate what this statement says, I am unsure what protective measures are in place to stop gadgets such as Alexa have in place to protect our children. Smart phone, tablets, TV boxes can all have a parent guardian passcode, therefore allowing them to be used only with parent guardian supervision if that’s how they are set up. However, whilst I appreciate parental controls can be set up on Alexa (but from what I can find out this is only in regards to the times it can be used throughout the day), what does it have that’s stops our children from giving a command, and Alexa recording? Alexa is not loyal to its “owner” and will exercise any voice command and respond.
Amazon have also released Echo Dot Kids Edition, which in America has been criticised with concerns regarding the privacy of children, however Amazon states it is compliant with the Children’s Online Privacy Act. The concerns are in relation to the fact you can request voice recordings to be deleted or erased, which they are, however the text version of the recording or “text data memory” does not get deleted in the same request. Instead the text data memory is used for “machine learning purposes” and only gets deleted once the “machine learning training” is completed. However I am unable to find anywhere which states how long this process takes and confirmation of the how the text data memory is deleted.
These gadgets in our homes are meant to make our lives easier offering the facility to ask a questions and get the answer without having to physically type something into a search engine. On face value they do. Whilst I do not have an Alexa or Cortana to speak to (as I feel Siri listens to enough), family and friends do own one and they use it all the time to play music, ask about the weather or news and even to settle an argument to see who is right or wrong. This includes usage by my 13 year old sister-in-law. When I queried my mother-in-law on the 13 year olds usage of the gadget, the response was, well what harm can it do, it helps her with her homework? Supporting the argument of making everyone’s life easier. But what happens when this easy life becomes difficult, and our data is compromised or is still being used 20 years later? Even if it is protected and safe, will my 13 year old sister-in-law understand what information is held on her now and may still be used in 20 years’ time? Unless the information is compromised, I’m sure no harm will come to us of the usage of our information 20 years down the line, but that doesn’t take away our right to know.
When amazon makes its policies and states Children should not use their devices without a parent/guardian present, why can’t Alexa be told not to respond to a particular voice as it’s a child? Does Amazon assume based on an Adult buying the device that consent has been given to collect the data of everyone who uses it? Food for thought I think.
However bringing this back to child privacy, within FaceApp’s Privacy notice it does state that “FaceApp does not knowingly collect or solicit any information from anyone under the age of 13. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us.” The only criticism I have here is that do they take steps to see if they hold this data or wait to be advised?
Are companies doing the bare minimum to keep our children safe and leaving it up to parents/guardians to take the responsibility? I think so. Are parents/guardians fully aware and up to the challenge? I think not. Parents and guardians and in fact children need to be educated on how information is kept, by whom, how long for and what damage can be done if it falls into the wrong hands. I agree that companies like Amazon can’t fully stop children from using its devices, but it could put a few more safeguards in place. Whilst FaceApp terms and conditions are a bit out there, technically in order for it to be downloaded a child would have to have parent consent, obviously this is set by the controls on the device usually set up by the parents/guardians. Therefore FaceApp as a safeguard in place in that sense.