Millions of kids are suddenly learning online. Here’s how to keep their data safe.

By Allstate Identity Protection

Kids are spending more time online, which ups identity risks. The Children’s Online Privacy Protection Act (COPPA) requires websites and apps to gain parental consent before collecting personal information from kids younger than 13. If you’re a parent, you can also review the privacy policies of the sites your kids use frequently; make available privacy choices; and talk with your kids about good online habits. If you have Allstate Identity Protection, you can add your children to your account for additional protections.

With millions of students suddenly learning remotely during COVID-19, should parents be concerned about kids’ digital privacy?

For many schools, the move to online learning happened fast. Because of this quick transition, some schools have adopted new apps and processes without the usual oversight. At least one governor has relaxed student privacy requirements to help things run smoothly while schools are closed during the pandemic.  

Student data is highly sensitive. It may include personally identifiable information (PII) like names and home addresses, and other private details — think attendance records, performance feedback, even bathroom breaks. Parents are right to question the vast amounts of data being generated.

Even before the current health crisis, companies in the educational technology sector — EdTech for short — were criticized for creating a culture of surveillance and collecting vast amounts of student data. Now, many EdTech companies are offering their products for free during the pandemic. But students may be paying a hidden price with their data. And with more than 15 billion records exposed through data breaches in 2019 alone, it’s fair to wonder about how all this information is being stored, shared, and used. 

Sadly, post-pandemic virtual classrooms are already facing privacy hiccups. For example, in early April, New York City moved to ban Zoom in schools after a string of “Zoombombing” put the video conference platform’s security practices under scrutiny. 

Luckily, parents and educators can do a lot to manage kids’ digital footprints during the current health crisis and beyond. Here’s a look at the legal protections that exist today, plus some additional steps you can take to safeguard your children online. 

Are there laws that protect kids’ online data?

In the internet age, children start accumulating digital footprints almost from birth. It’s not hard to imagine why marketers would want to use this information to create a lifelong snapshot of a person as a consumer. Our online actions add up to help corporations predict what we might buy or do next — at the expense of our collective privacy. 

To help parents control what information websites can collect from their kids, two congress-enacted acts impose requirements on child surveillance: COPPA and FERPA. 

The Children’s Online Privacy Protection Act (COPPA) requires websites and apps to gain parental consent before collecting personal information from kids younger than 13. The law allows schools to give consent on behalf of parents in educational environments, including when it comes to distance learning. 

The Family Educational Rights and Privacy Act (FERPA) is a federal law that governs the protection of student records and PII. FERPA gives parents the right to access and amend their child’s records, and also grants parents some control over how and when those records are disclosed. 

Unfortunately, the existence of these laws doesn’t guarantee a reduced risk of harm or exposure. With data breaches happening at such a rapid clip, there’s always a chance that any gathered student data might be compromised.

Even apps and websites in complete compliance with the law can have serious security flaws that lead to breaches in privacy. A study recently highlighted by EdSurge found that apps certified as COPPA-compliant by the FTC-governed Safe Harbor program had just as many security lapses as non-certified apps. 

As if all this weren’t complicated enough, tech giants — household names and leaders of Silicon Valley — are being harshly criticized for how they handle and store large amounts of data, including information they vacuum up from minors. 

Last year, YouTube was fined $170 million for harvesting information from children. Google, YouTube’s parent company, has been sued by New Mexico’s attorney general for using its educational products to invade student privacy. And, in the wake of COVID-19, a new lawsuit is accusing Google of collecting students’ biometric data

Still, since the start of the pandemic, the Google Classrooms platform has been rolled out to more than 1.3 million students in New York City alone

While it's not realistic or even ideal to keep kids offline — especially if their school is being conducted through an iBook — there are things you can do to help minimize their digital footprints. 

Tips for protecting kids’ data online

This is a good time to stop and remember that lots of good stuff happens online, too. In this challenging time, kids may find comfort drawing with a beloved author and illustrator or peeking inside incredible museums. Not to mention the lift that comes from video chatting with friends and family. 

Still, kids shouldn't have to pay for their online lives with their privacy. Here are five steps parents can take today to help keep kids’ data protected: 

  1. Review the privacy policies of the apps and sites frequently used by your children. Privacy policies can be lengthy and packed with legalese, so check out our guide to deciphering them. Review your school’s policies, too, and don’t hesitate to raise concerns about the apps and websites being used in your district’s digital classroom. 
  2. Talk with your kids about good online privacy practices, and encourage them to think twice before sharing PII. Consider adopting this family mantra: unless you’re comfortable sharing something with the whole world, don’t share it online. 
  3. Cover or disable webcams and microphones when not in use. Be mindful of other devices that might be passively gathering data
  4. Keep the family computer in a public place. 
  5. Use parental controls to alert you of concerning content. 

If you’re an Allstate Identity Protection member, you can take additional steps to help safeguard your kids online. Here’s how: 

  • Visit the portal and click the icon in the top right-hand corner. 
  • Click “Manage family members,” then “Add new member.” 
  • Enter your child’s information and click “Save new member.” 
  • Your child’s account should now appear whenever you tap the icon in the top right-hand corner. Select your child’s name to manage their account. 

Once you’ve added a family member to your plan, you can maximize their protections by switching on key features like social media and dark web monitoring: 

  • Under the “Social Monitoring” tab, link your child’s Facebook, Instagram, Twitter, and YouTube accounts for monitoring. 
  • Under the “Dark Web Monitoring” tab, add your child’s other credentials, such as email addresses and web logins. 

In these unprecedented times, we need connection more than ever — and right now, a lot of that connection is happening online. That’s just another reason we work round-the-clock to protect our members’ digital lives — and their kids’ digital lives, too.