Future Tense

How to Teach Your Kids About Digital Privacy and Security

“The Talk,” but for the connected age.

Digital security
Parents have to start teaching kids to do some critical thinking online.

Hero Images/Getty Images

’Tis the season when parents (er, Santa) are gathering gifts for children. And while gadgets are a perennial favorite, the privacy and security concerns that their sensors, microphones, cameras, trackers, data storage components, and web connections raise are making many think twice about the role of technology in children’s lives.

Earlier this year, the FBI warned parents about the privacy and security risks of internet-connected toys. The Norwegian Consumer Council, too, highlighted security holes, terms of use that appear to violate EU law, hidden marketing, and data-sharing concerns related to smart toys. It advised parents to think twice before purchasing them. Germany outright banned My Friend Cayla, an interactive doll wired with a microphone and Bluetooth connection, as well as children’s smartwatches, calling them spy devices.

Even without connected toys, children regularly spend time online. Those ages 5 to 8 spend an average of one hour per day on mobile devices, according to Common Sense Media. And as technology companies direct more attention toward child users—hello, Messenger Kids—this number is only bound to increase.

In recent years, concerns surrounding children and internet use have mainly focused on screen time, inappropriate behavior, and safety. But, in part because of the increasing number of smart devices and greater awareness among all consumers, digital privacy and security issues related to children’s technology use are rightly gaining more attention. Still, many parents may not think to teach kids about how information is shared or how identities can be exploited online. As the lines between online and offline activity continue to blur, we are increasingly questioning the extent to which tech companies monitor our every move and potentially leave sensitive digital data vulnerable to nefarious actors. We have to start teaching kids to do the same critical thinking. Otherwise, we may have a new generation for whom such exposure is completely normalized.

One starting point is to look at how children conceptualize their digital privacy and security. It’s a question I, alongside a team of researchers from the University of Maryland and Princeton University, studied as part of a project about children and technology use. We interviewed 18 families in the Washington area, including 26 kids (ages 5 to 11) and 23 parents, about their experiences using smartphones, tablets, and computers. We asked what devices children used, what activities they liked to do on them, and how they found information on them. We also gave children a series of hypothetical scenarios, such as asking how they thought a child their age would respond if, for example, a sibling or parent looked at their device over their shoulder, or an unknown person asked for their address in an online message.

These children and parents certainly don’t represent all families. But their experiences help us consider how we’re preparing the next generation to understand and manage their behavior online. Our work, as well as similar research, suggests that children do understand some aspects of how privacy and security play out online. For example, nearly all kids we interviewed knew that certain types of information, like passwords, were sensitive. They also recognized that it was OK to share information with certain people, like parents and teachers, but not with less familiar acquaintances or strangers.

In our study, some children ages 10 and 11 recognized that companies like YouTube can track what individual users do on their sites. One 10-year-old knew that something disclosed online could be shared with a much larger audience (say, if someone posts information from a message onto a blog). Younger children, unsurprisingly, showed more gaps in their knowledge. Given the cognitive development that children go through between the ages of 5 and 10, it’s understandable that they may struggle to grasp certain ideas about how the largely invisible internet works. Overall, our findings highlighted that this is a place where it makes sense for parents to step in to scaffold their children’s learning.

Though the adults in our study said they took steps to manage their children’s technology use—making sure children only used devices when parents were around to supervise, for example—they typically said they didn’t see teaching children about privacy and security online as a priority at that age. Parents generally acknowledged that these concerns exist but said they could address these concerns when kids are older and, say, have their own smartphones or spend more time on social media and other online activities.

Yet, there’s reason not to wait. For one, kids are getting their own devices at younger ages. Among children ages 5 to 8, 59 percent have their own tablet and 7 percent have their own smartphone, according to Common Sense Media. And that’s not counting those that get some screen time on family members’ devices. With this increased exposure to different devices, it makes little sense to wait until children have their own smartphones to teach them good privacy and security habits.

For another, lessons such as recognizing what is or isn’t appropriate to share online and understanding how digital information gets shared are relevant for activities beyond social media. Children may communicate with others in online games, use email or other apps in school, or chat away with internet-connected toys (both theirs and their parents’). It’s better to start before their first interactions. Plus, younger children are more willing to listen and learn from their parents than teenagers.

So, parents, how can you teach such skills to your children? First, tell kids the reasons behind the boundaries you set. When you ask a child not to share passwords or not to send messages to strangers online, also take a few minutes to explain why such behaviors could pose a risk.

Analogies using situations from the physical world can help. For example, children probably know that while it might be OK to share their home address in person with a close friend, it’s not OK to give it to a stranger on the street. But sharing information online, regardless of whom you’re sharing it with, requires extra care. This is because it’s easier for someone online to pretend to be someone else, and for information online to be shared with more than the person you intended. Remind children to check with an adult if they’re ever in doubt about sharing something online. And when they do ask you, explain how you made your decision.

Second, parents can look for examples of good or bad privacy practices embedded in everyday tools that children use. The website for PBS Kids, for example, tells children not to use any personal information, such as their last name or address, in their username. And instead of asking kids to create security questions, which often involve personal information, the site has children select three pictures to create a “secret code.” As children interact with sites like PBS Kids, parents can ask whether they understand why the websites have been set up this way.

Third, parents can check out existing resources related to privacy and security online. Common Sense Media and the Family Online Safety Institute offer great guides about privacy challenges children may face online and how parents can teach kids about them. PBS Kids, too, has created a series of technology-focused cartoon videos and parent guides that include lessons related to privacy and security. The U.K.-based company Excite-ed even developed a series of kid-friendly apps that include privacy-related tips and quizzes.

The task of teaching children about digital privacy and security shouldn’t just fall on parents. Educators are well positioned to help teach kids about these issues, given the increasing use of computers and tablets in schools. Companies who design and market technology also have a responsibility to respect children’s privacy interests.

As part of our continued work in this area, my research team is holding focus groups with educators and design sessions with kids to better understand how schools and the tech industry can support early learning. Our goal isn’t to create more work for parents or teachers, but to help these adults feel better equipped to talk about digital privacy and security when children are young.

By virtue of their life experiences, adults know what it means to experience invasions of privacy and why it’s important to keep information secure. Helping children understand how these values play out online now will equip children to address the challenges they will face in the future, regardless of what apps or devices they’ll be using then.

This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, follow us on Twitter and sign up for our weekly newsletter.