Kerri Richardson, an account executive with a private investigations company, knows how easily online personal data can be accessed and used. So it’s not surprising that the Oakville mother carefully guards her four children’s online privacy.

“We don’t allow them to create accounts for online services, and if they’re using sites we make sure they’re doing it anonymously” says Richardson, whose kids range in age from 9 to 14.

She’s especially concerned about how the personal data generated by her children’s online activities is used. And she’s not the only one who’s worried.

Over the past year parents across North America have become increasingly concerned about their children’s data privacy. New student privacy bills and stricter privacy protections for children have been introduced in 35 U.S. states, most fuelled by parent concerns. In April, those worries led to the shutdown of education startup, InBloom, described by Bloomberg Businessweek as “the hottest company in the emerging field of personalized learning.” So, should Canadian parents be worried, too?

In addition to state laws and protections, a dedicated federal law, The Children’s Online Privacy Protection Act (COPPA), protects children’s online privacy in the U.S. But in Canada, “there’s no privacy law specific to children” according to Valerie Lawton, a spokesperson for the Office of Privacy Commissioner of Canada.

Online privacy in Canada is governed by the Personal Information Protection and Electronic Documents Act(PIPEDA), but the unique needs of children aren’t specifically protected.

“PIPEDA requires organizations involved in commercial activity to obtain meaningful consent” says Lawton, “but it may well be very difficult to obtain meaningful consent from children.” And while the office recommends organizations “avoid tracking children and tracking on websites aimed at children,” this practice happens extensively.

Sara Grimes, an assistant professor in the faculty of information at the University of Toronto, has been investigating the collection and analysis of children’s data in online video games for almost 10 years. Grimes says most children’s gaming sites collect data on their users, but because it’s passive it’s difficult for children and parents to tell when and how it’s happening. In some cases the goal is to monitor and improve the game, but some sites sell children’s data for commercial purposes.

“Kids have traditionally been a fairly hard to reach group when it comes to market and audience research” says Grimes. “Data mining is a nonintrusive way to observe millions of kids playing and chatting together. Play habits reveal a lot about kids, as do the conversations they have about their likes or dislikes, their ideals and dreams. All of this is seen as extremely valuable for figuring out new ways to market to them, to create things that they are likely to want and enjoy, but also tap into and manipulate their innermost hopes and fears.”

Gaming at home isn’t the only place where children are increasingly leaving a digital trail. The use of digital technology in schools provides an increasing opportunity for the collection and use of data for “educational purposes.” By some estimates, the use of data in U.S. education will become an $800 billion industry, with schools, school boards and education ministries paying companies to collect and analyze student data.

Google Apps for Education (GAFE), a suite of online tools for students and teachers, has more than 30 million educational users worldwide, including a large number Ontario school boards. The Toronto District School Board, York Region District School Board, York Region Catholic School Board and Peel Region District School Board are among those who’ve partnered with GAFE, which provides web-based access to email, calendar, documents and more.

Earlier this year a lawsuit in California alleged that Google was scanning and data mining student emails in GAFE. Google spokesperson Jennifer Kaiser confirmed that Ontario students who use GAFE have their emails scanned and metadata collected. “Scanning is done on all incoming emails, is 100 per cent automated and can’t be turned off” says Kaiser. “Google has permanently removed all ads scanning in GAFE, which means Google cannot collect or use student data in Apps for Education services for advertising purposes”.

Sandra Nagy, director of digital strategy for Pearson Canada Education, says the company takes the issue of student data privacy “very seriously.”

“When we design a classroom product student privacy is one of the first things we think about” says Nagy, whose company develops electronic textbooks, a product called CLIC, which allows teachers to document student progress through photos and videos, and Power Schools, which stores student information and report cards.

“Any student personal information collected is stored on secure Canadian servers, and schools always have the option of using generic log-ins and passwords to further protect students.” Nagy admits that student-created data is mined for analytics, but never used for marketing purposes or sold to a third party.

Many parents assume that as long as their children’s personal information is protected there’s no problem, but Grimes disagrees.

Loading... Loading... Loading... Loading... Loading... Loading...

“We often think of privacy in terms of names and addresses, but if a marketer knocked on your door and asked to spend several hours secretly observing your child playing in their bedroom, recording everything he or she was doing and saying for secret purposes, you’d probably tell them to take a hike” says Grimes. “This is happening every day in many games and social networking sites with very little resistance.” Grimes encourages parents to demand that governments increase their protection of children’s privacy and require businesses that collect children’s data to show greater transparency.

According to Nagy, parents should be advocating for greater protection of their children’s data privacy. “Parents should be asking schools ‘What are you doing with my child’s data?’” she says. Nagy also recommends parents take an active role in educating their children about online privacy. “When my 8-year-old daughter wants to sign up for something online we read the terms of service together rather than just clicking on ‘Agree’ ” she says. “It generates a conversation about privacy and sometimes she decides to use a different service that’s more suitable for her.”

How early should parents be having those conversations with their children? “I started talking to her about it in Grade 1” says Nagy.

Kerri Richardson believes schools need to get better at communicating with parents about student data. “The use of digital technology in schools is still in its infancy, and school practices about student data are antiquated” she says. “Schools have a responsibility to let parents know how they’re using children’s data. We need a dialogue about children’s online privacy that just doesn’t exist right now.”

Andrew Campbell

Where your kids' information can be mined

1. Online gaming sites, such as Poptropica

2. At school, for example, while using Google Apps for Education

3. Social networking sites such as Facebook

4. Online contests where children have to register to win

5. Online communities, for example Neopets