San Francisco mother, Amanda Rushing, this month filed a class action lawsuit against Disney for what she claims is the company’s ability to create profiles of children that can be exploited by advertisers. Her lawsuit states that Disney’s ability to do so via its mobile gaming apps is in direct violation of the Children’s lineline Privacy Protection Rule (COPPA). COPPA, first introduced in 1988, exists to prevent website operators from collecting personally identifying information about children without their parents’ consent.
This case brings up a couple of head-scratchers. First, I’m always astounded by how surprised people are that their online profile – demographics, transaction and browsing history, the tracking of their physical presence – is being peddled to marketers worldwide. They find it mystifying.
Second, if you, as an adult, want to use an app that is aimed at children, but you sign in as YOU, then any information shared with the app administrators for you to use that app is not protected by COPPA. That’s because you’re an adult, even if you’re acting like, or posing as, a child online (which is an entirely different and creepy matter altogether). It’s simple: The digital habits of a 43-year-old woman feeding a cartoon character a digital cracker on a free app are not protected. Furthermore, Disney doesn’t have to guess at whether it’s Mommy or Child to make its ad revenue. To the “etailer,” the online habits are all that matter, whether you’re 10 or 43.
Seem like a conundrum? It’s really not.
What’s more mystifying is that so many people don’t get it. People have grown so accustomed to the internet that they forget it is not a public service. The internet a commerce center – and people are not only the customers, but the products.
By comparison, let’s look at the idea of data-peddling in a business scenario. A few weeks ago, a startup approached Vivo offering a fancy bolt-on to our CRM. The product was slick, but we asked a lot of questions, leading the product manager eventually to his sales pitch. He explained that his product doesn’t currently integrate with our CRM, Salesforce (SFDC). Offering what he perceived as a win-win, he said Vivo could have the bolt-on “for free” if we agreed be their test case for Salesforce integrations.
In non-tech jargon, he needs a guinea pig so he can configure his product to work seamlessly with SFDC databases; the *only* way this product would work for Vivo is if we granted access to our entire database.
If we focused on the “free,” we might have ignored the red flags. Never mind the odd reality that this company developed its product for other CRMs but didn’t put the cost and effort into optimizing it for the most widely used CRM. In addition, we know that anyone who accepts something for “free” will eventually pay for it in some other currency. In this case – just as with free mobile apps – Vivo would have paid for it by compromising our data.
We declined, just as people who are worried about the peddling of their personal data shouldn’t use “free” mobile apps.
None of this should be surprising. And yet much of it is surprising, to a lot of people, including the San Francisco mom suing Disney because she believes they peddled her child’s online data.
Getting back to her, did she forget she is the parent? If she wants to secure her child’s data, she needs to be just as vigilant in protecting her child as a company owner would be in protecting their database. Did the child use false information when setting up a profile for the Disney apps? If the child claims to be over 13 when using the app, all COPPA protections are off. It’s the parent’s responsibility to make sure the child’s profile and activity are used and monitored appropriately.
Though they can be clever, companies in the ecommerce sphere aren’t the problem. Users are. Vigilance is key – as parents, as consumers, as business owners. “Free” is never free. If you’re not paying with money, you’re paying with yourself.