The biggest threat to children’s privacy

Estimated reading time: 3 minutes

Yesterday I had the misfortune of discovering an appalling violation of children’s privacy rights: a piece of keylogging stalkerware being sold as a “safeguarding” tool for parents, packaged in a hysterical scare story about sexting.

A tweet thread followed:

This isn’t the first time that children’s privacy rights have been steamrollered in the name of making them safer online. I’m fortunate now to be in a professional position where I can do something about it (somebody has to), and I’ll be announcing some news about that next week.

On the subject of misguided approaches to children’s privacy, I wrote the paragraphs below for my upcoming book, but I cut them out as being too far down a side quest. After yesterday, though, perhaps they’re relevant after all.


In all of the frameworks and proposed regulations I have seen on children’s privacy, one thing has been missing from all of them. Children’s privacy advocates view threats to children as entirely external, and see it as the parents’ role to monitor – and in some proposals, engage in active technical surveillance – of their children’s internet usage. I have yet to see any proposal which addresses the biggest everyday threat to a child’s privacy: the parents themselves.

Children have a legal and moral right to privacy and that includes a right to guard it from their parents. Yet today’s children are growing up with every moment of their lives – often literally from conception – shared on social media. Parental and grandparental oversharing can be astonishing, with every detail, milestone, and everyday moment publicly displayed forever and shared with any number of complete strangers.

These children have had no say in having their lives broadcast. They did not give their consent to growing up on a news feed. And as they mature into young adults making their way in the world, doing their best to define their identities for themselves, they will do so under the weight of terabytes of intimate content which will follow them into education, adulthood, and the workforce.

(That’s saying nothing about the identity fraud which will haunt their lives as a result of that overshared content too.)

Despite that, children’s privacy proposals and frameworks ignore parental exploitation of children’s privacy altogether, focusing instead on social media (aka “big tech” aka “tech giants” aka big scary others outside the family home), and positioning parental surveillance and control as the solution. One UK proposal even would have had a parental monitoring icon appear on a young person’s phone, as if to say “I’m watching you, because you can’t be trusted”, to a generation whose trust in their parents was already destroyed from the first time they Googled their names and found thousands of photos of their most vulnerable moments.

In the European privacy model, once a child turns 18, they have the right to have information about them removed if that information was posted while they were underage without their consent. There was even a celebrated case where a young person entering adulthood sued their parents to force them to take down a lifetime of public oversharing about their private life.

While no young adult should have to go that far, without comprehensive privacy protections against parental oversharing, what other options will today’s children have? Proposals to safeguard children’s privacy online must address privacy exploitation from within the family home as much as from outside it, and they must provide the tools to defend young people from their parents as much they do as from predators in the outside world.

You might be the one to build those tools into your service, or create an AI-powered startup to help young people scrub their childhood from the web. Start today.

And as you review the draft laws and frameworks on children’s privacy which will be coming into play over the next few years, remember that any proposal which condemns the evils of social media but not the evils of parental oversharing and surveillance is not actually about privacy: it’s about content moderation, filtering, and control, and is using “children’s privacy” as a means to another end.

But do you know what really saddens me?

It’s that a generation of profoundly amazing young people are growing up dehumanised into data points, likes, shares, stories, and clickbait. Instead of supporting them, children’s charities and policymakers tell those same children that “the world is not to be trusted, and neither are you”, and to that end, install webcam spyware on their school-issued Chromebooks and keylogger software on their mobiles. It’s pathetic.

We should remember something. As we grow older and our datafied children become our carers, we will have no leg to stand on if they respond by dehumanising us when we are the ones who are vulnerable and in need of protection.

We will have taught them how.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.