Children in car seats with a shocked look showing concern over data privacy
Children and Data Privacy: What Parents Need to Know by John Renaldi, Founder and CEO and Mike Spertus, Technical Advisory Board at Jiobit

Children and Data Privacy: What Parents Need to Know

Today’s children are being “datafied” from the moment they’re born. A new report by the U.K.’s Children’s Commissioner’s Office (CCO) has created an uproar of worry about how children’s data is being collected and shared through technology.

In the report, ​Who knows what about me?​, it states that ​today’s parents have uploaded an average of 1,300 photos and videos of their children to social media by the time the child becomes a teenager. This report provides needed insight into how data can affect children later in life, but what about how big data is affecting children right now in the present?

The CCO urges our population to “stop and think” about what big data means for children’s lives, both now and in the future, suggesting that children are being “datafied” not just via social media, but in many aspects of their lives. Which brings about the real question, do parents even know what data they are leaking and sharing about their children and the consequences it can have?

For example, nobody thinks to check their child’s credit report because there’s typically no reason to. Except for checking on thieves trying to steal your child’s identity early on. People can exploit the stolen identity undetected for years until the child grows up to find his or her credit ruined. The 2018 Child Identity Fraud Study from Javelin Strategy & Research found that over one million children were victims of identity theft in 2017 alone, with cumulative losses of $2.67 billion.

Parents anxiety is steadily increasing over the multiplying amount of commercial collection and exploitation of children’s data, with potential consequences that can lead to extremely unsafe situations for both the child and the family. ​So much so that California recently became the first state to pass a bill to keep connected products more secure. ​Digital Times​ published a good article on it and it’s worth a read.

At ​Jiobit​, our mission is to deliver peace of mind and security to parents. We’ve developed highly encrypted location tracking technology that keeps parents and kids connected, so you might not be surprised at the number one question we hear from parents: “Who else can access my child’s location?”

There’s good reason for concern; it seems like every few months we hear about a hacking incident. Here’s a recent example: Internet toymaker ​Cloud Pets​ was easily hacked and all data on children, including their voices and photos, was ransomed. Over 820,000 user accounts were exposed. The truth is that in the mad dash to launch a product, security tends to get deprioritized. Most companies aren’t worrying about security like a parent worries about their kids. Which brings us to our first tip for parents:

Don’t just think about security. Worry about it.

Unfortunately, not all companies do this. If you take a look at new hardware startups in particular, typically the best you can find regarding security is that they transmit data over SSL from their app, or have some rudimentary user authentication, and call it a day. It’s a lot of tech jargon without much substance and parents are left feeling confused and uneasy.

So what should parents be looking for to ensure their children’s safety and privacy?

There’s so much to keep up with when it comes to technology and our children; between setting YouTube filters, managing screen time, learning about the latest social network, and worrying about hackers it’s down right overwhelming.

As parents ourselves, building a product for families, we’ve prioritized security and gone to great lengths to ensure the safety of our users. So as the holidays approach and you’re buying the next tech gadget for your kids, here are some things we recommend you verify before purchasing:

1. Have you given consent for your child’s info to be collected?

The Children’s Online Privacy Protection Act (COPPA) puts you, the parent, in control when it comes to the collection of personal information from your minor child (under 13). If you’re not being asked for your consent for child’s info to be collected when you use a company’s app or web portal when you sign up, then that product or service is not COPPA compliant. Furthermore, you’ll want to know that a 3rd party audited this or certified their compliance. If you ask the company’s customer service department this simple question and they are uncertain, that’s a good answer right there.

2. How is your data being protected?

It’s not enough to protect data while it’s being digitally transmitted. If your data is being stored on a server, which it probably is, it should be encrypted there as well. Believe it or not, many companies do not protect or encrypt that data that is stored on their servers, but simply protect it with a username and password. Does the company detail out how they protect your information in their terms of use or privacy statement. If they aren’t publishing this on their website, this is a major red flag.

3. How is the product or company protecting you from malware or the potential use of your device for a botnet?

In can be pretty simple to download rogue software onto an IoT device. In many cases, instructions on how to do so are readily available online. IoT products managing sensitive data should have software which is cryptographically signed, meaning only software from the manufacturer can run on it. You’ll want to see the company is actively addressing this.

4. If there’s a device component, how are encryption keys being stored and protected?

Many connected devices use simple passwords or keys that are common to all devices. These keys are used to encrypt your data and communicate with the company’s servers. Even worse, many times these encryption keys may be stored in an unencrypted file (similar to putting your password in a text file). This makes the key easily discoverable and could result in comprising all devices. In the case of a location tracking device, that means that all locations could be revealed to anyone who discovered that key.

5. Is the hardware or physical product tamper resistant?

Think about this: If someone were to physically open up your phone, PC, smart home devices, security cameras, or routers, they could tamper with them. That could mean reprogramming, modifying the software, or any number of things. For all of your gadgets, but especially the gadgets your kids are using, you should verify that they’re intrusion-resistant. The extreme end is to burn away part of the circuit board used for physical software programming which precludes anyone else from attempting to modify the software on the device.


As we continue to examine how vast amounts of children’s data is collected, we need to call upon the service and product providers to be transparent about how they are capturing information about children and how it is being used. Then, take matters into your own hands.

Stop and think about what #bigdata and #identitytheft means for children’s lives, both now and in the future.Click to Tweet

In the digital age, parents need to become more aware of what information they are sharing about their children and consider the consequences. That said, it’s unrealistic for us to avoid technology products all together due to the risks of data exploitation. Even if we tried, our kids would find a way around it. Instead, we need to do our homework, set boundaries, and ensure we are creating a safe space for our children and technology now and in the future.