In the early days of COPPA – the Children’s Online Privacy and Protection Act, which went into effect in 2000 – we literally had parents faxing permission forms to our office at Highlights for Children. (And guess who had to manually enter all of the zillions of email addresses?) We needed permission because our site collected and utilized personal information at various points. The experience we created tracked basic metrics on web usage, so we could figure out how long the average sessions were, where they went in the site, and occasionally how many messages they were posting.
At the far more complicated end of the spectrum, fast forward to 2007ish when Natalie and I were working on a project called iREAD (interactive reading experience with adaptive delivery) at Sesame Workshop, which was a partnership with Wireless Generation and funded by the Department of Education Ready to Learn program. We collected data, with the permission of parents and teachers, that was so detailed that we could see the children’s patterns of errors between the letters “b” and “d.”
Data also allowed us to understand a small portion of the population who had errors that were through the roof. At first glance, it looked like they were pretty bad at some specific literacy skills. But thanks to the data, we could look at their patterns of answering. In some cases, the children systematically selected the answers in order, so if the correct answer was at the bottom of the list, they had a high number of errors. The other kids were systematically selecting all the **wrong** answers first and the correct answer last. In effect, they were getting 100% correct, but in the backward way. (Cognitively, it’s pretty hard to make sure you always get the wrong answers out of the way first.)
The data helped us identify outliers and then we were able to investigate why they were in that category. In that particular case, it turns out the kids were actually not at risk with regard to their reading skills, whereas the intervention was designed for at risk students. We were effectively boring those kids, and they decided to mess around with the system instead. If we didn’t have the data, we might not have made that realization.
Today data is a double-edged sword. The advanced and ever-connected nature of technology means there’s amazing data to be collected, from basic demographic information to extensive behavior metrics. When adult’s data is in the mix, the moral high ground insists that we at least declare that we’re collecting the data. In the case of children, we must ask parents permission, even if the laws haven’t yet caught up to the latest technology scene.
That’s the problem. The laws aren’t up to date, which means the temptation to collect this data on the sly is high. Oversight and laws are limited, and those that do exist are subject to wide interpretations. A recent New York Times article discussed the findings of a recent Federal Trade Commission report – of 400 Android and iOS children’s apps reviewed, only 20% disclose data collection practices.
In a time where the FTC is about to revise the COPPA ruling for today’s technology, it doesn’t bode well for life getting easier for those of us who wish to collect data in any way, shape, or form. The FTC is expected to strengthen the ruling, and some of the possibilities could be downright stifling for innovation based on data collection, personalization, and adaptive learning.
The most horrifying misuse of data that I’ve seen lately was also in the New York Times article – Delta is being sued by the attorney general’s office of California for their lack of data collection notification. What is Delta collecting from me, among other users? My personal information, like my name and email address, but also my location and photographs. Photographs? Really, Delta???
We’ll have to wait and see where the FTC settles in their COPPA revision, but in the meanwhile I have a message to share to developers and parents. (The last time I made a statement to developers in my in-app purchases post, I was scolded by developers for not pointing out the parents’ responsibility as well.)
Parents, while it’s not always easy to know exactly what data is being recorded, it is our responsibility to arm ourselves with information. If you’re unsure about the policies of a particular program, trust your instinct or stick with the trusted sources.
As for Delta and the others who we thought we could trust to do the right thing, at least we have the California attorney general’s office to look out for us!
If you want another good Times article on mobile app transparency, check this one out. Otherwise, have a very happy holidays from all of us at No Crusts and we’ll see to you in 2013! Feel free to give us a yell at info@NoCrusts.com or on Twitter @noCrusts.