Today the Internet touches the daily lives of over 2 billion people and this number is increasing every day, consequently issues around privacy & safety are growing ever more important. Governments around the world are attempting a variety of measures to protect their citizens, while offering them access to an unrivaled resource where they can learn, share ideas and connect with others.
The global nature of the Internet means that these challenges need a united response so in September FOSI hosted a roundtable in London bringing together representatives from US, UK and Europe to discuss and share ideas on the current environment and how best to proceed to ensure that children have safe and healthy online experiences. Below are the remarks that helped set the scene for the discussions.
2012 has been a very important year for Internet policy. For the first time we saw the big Internet companies in the US test their influence and strength on Capitol Hill with their protests over SOPA and PIPA, and to a slightly less extent ACTA in Brussels. The ITU meets later this year for WCIT to review the current ITRs, but there is serious concern being expressed that discussions may expand to cover Internet governance or content regulation.
More specifically to the work that we do at FOSI it does not seem that a month, or indeed a week goes by without developments or news stories in the field of online safety and/or privacy as it relates to children.
In the EU there has been the on-going work of the CEO Coalition, and the ICT Coalition along with the continued negotiations around the revisions to the Data Protection Directive. The UK specifically has been drawn into an impassioned debate around parental controls and filtering while UKCCIS continues to bring together interested stakeholders in productive discussions.
In the US the FTC is continuing with the review of the COPPA Rule, releasing a supplemental notice of proposed rulemaking in August of this year while maintaining that they expect the review to be finished this year. There is also increased political attention around issues, we have seen the White House release their privacy report in February and the National Telecommunications and Information Administration has begun work on their multi-stakeholder approach to mobile app privacy. There numerous bills in Congress, from those focused on general privacy to more specific ones dealing with children on the Internet, such as H.R 1895 the Do Not Track Kids Act. In advance of the election this year both Democrats and Republicans contained positions on Internet privacy and safety within their party platforms.
Policy and regulatory proposals are taking place against an ever changing backdrop which alters not only the services that children are accessing online, for example the shift from Facebook to Twitter and Tumblr that we have seen this year, but also the changing way that children are accessing the Internet, with the continuing explosion of the app marketplace.
In January the European Commission released its proposed revisions to the 1995 Data Protection Directive. The amendments mark some of the most radical changes ever proposed to data protection and online privacy. There are 2 key provisions within the framework that, if adopted, will alter system under which European Internet companies relate to children. Article 8 of the proposed Regulation amends the provisions for obtaining consent for the processing of children's data. Companies will need to obtain parental consent to process the data of children under 13. This brings the EU in line with the US position under the Children's Online Privacy Protection Act and lays out substantial fines for noncompliance.
Article 17 of the Regulation provides for the 'right to be forgotten and to erasure,' it states that all users should have the right to request that their personal data be deleted. Upon request, and in the absence of legitimate reasons to maintain it, all personal data belonging to an individual must be deleted. The Regulation goes further and states that when the data has been made public, the service who has received the data deletion request must take all reasonable steps to ensure that third parties are made aware of the deletion request and that they cease processing of that information. This puts a tremendous burden on websites and the current wording will result in much more data being collected than less.
The Commission is aiming to adopt the Regulation by the end of 2012, with implementation in 2 years. The European Parliament is currently reviewing the framework.
It has been 10 months since the announcement by Commissioner Kroes of the CEO Coalition to make the Internet a better place for kids. The 5 working groups reported back to DG Connect in July this year on their objectives and progress.
Working Group 1 is focused on reporting tools; they are developing cross-platform mechanisms to report harmful content and conduct. The age-appropriate privacy settings group has compiled an interactive database for parents on existing privacy settings and they are testing existing and proposed privacy policies with a group of teenagers. Working Group 3, on content classification received criticism from the Director-General for their perceived lack of progress; they will need to present deliverables to the Commission shortly.
The parental controls working group has made good progress, in total 23 of the Coalition members have existing controls available and a vendor workshop will test good and bad aspects of these tools. Finally, Working Group 5 is looking at the take-down of child abuse material, progress has been hampered by concerns around the legality of some of the tools used, and the Commission will want to see more from this group.
Where the CEO Coalition is arguably a co-regulatory regime, with significant direction being provided by the European Commission, industry is taking the lead though self-regulation in the form of the ICT Coalition for a Safer Internet for Children and Young People. Industry meets regularly in pursuit of enhancing awareness around online safety, empowering parents and reporting abuse.
Within the European Union, the UK has been, and continues, to confront serious questions around parental controls, blocking and filtering of content. UKCCIS finished their consultation on the subject in September. The main options being discussed include the automatic blocking of all adult websites, the consumer would have to contact their ISP for access, the Active choice model currently adopted by 4 of the main ISPs was an option, customers are given an unavoidable choice during installation as to whether or not to block adult content and finally active-choice plus where consumers would have to opt-out of the default blocking i.e. specify to the ISP at installation that they wanted to access adult material.
Thus far, the European approach has differed from that in the United States; the pure self-regulatory regime continues to be widely supported in America. This year there has been a multitude of actions taken in respect of online privacy and protection at a state level, for example in February California Attorney General Kamala Harris created the Joint Statement of Principles, in which seven companies agreed that all their apps would have a transparent privacy, as well as allowing for reporting of privacy policies that did not comply.
Nationally, this issue has also come to the fore in 2012. The Federal Trade Commission's on-going review of COPPA closes in its second NPRM on September 24th. The proposed changes to the COPPA Rule make significant alterations to the definitions of 'operator,' 'personal information' and 'collection.' It also proposes changing parental consent mechanisms and the need for general audience websites to treat all users as children. Importantly, the definition of child remains at 13.
Running concurrently with the FTC's review many members of Capitol Hill have begun to seriously consider legislation. Most notably is H.R. 1895, the Do Not Track Kids Act proposed by House Representatives Ed Markey and Joe Barton. The bill focuses on prohibiting the collection of information from children and teens up to 18, including location data and information to be used for advertising, without obtaining parent al consent. It also provides for an 'eraser button' which would allow the deletion of personal information about children at the request of them of their parents.
Action is not confined to the legislative branch, the US Administration issued its privacy framework in February calling for baseline privacy protections and do not track as standard. NTIA is working with interested stakeholders on privacy and mobile applications and will continue to work through the recommendations.
Globally much more is happening as every country attempts to adapt to the changing technological landscape and to protect their citizens online whilst encouraging the innovation that is so vital to their country's economy. From our work around the world we have learnt that cultural context is incredibly important to the approaches that are taken by individual nations. The only way that we are going to meet these challenges as an industry or as a country to work together, to talk and importantly to listen. In doing so we will hopefully ensure that our children have safe and healthy online experiences wherever they are in the world.