Children’s privacy is at great risk. Due to the emergence of the Internet of Things (“IoT”), whereby ordinary objects became connected to the internet, children might now be constantly datafied during their daily routines, with or without their knowledge. IoT devices might collect and retain mass amounts of data and metadata on children and share them with various parties—able to extract data on where children are, what they are doing or saying, and perhaps even capture imagery and videos of them. While Congress previously responded to rather similar privacy threats that emerged from the internet with the enactment of the Children’s Online Privacy Protection Act (“COPPA”), this regulatory framework only applies to a limited set of IoT devices—excluding those which are not directed towards children nor knowingly collect personal information from them. Essentially, COPPA is ill-suited to properly safeguard children from the privacy risks that IoT entails, as it does not govern many IoT devices that they are exposed to. The move towards an “always-on” era, by which many IoT devices constantly collect data from users, regardless of their age, exposes them to great privacy risks. The dire consequences that IoT entails for children’s privacy thus necessitates a comprehensive reform of the regulatory framework that governs such protection.
This Article focuses on the privacy implications of IoT on children under the current regulatory framework, analyzes its shortcomings to protect them, and offers various solutions to properly safeguard children in a hyper-connected world. It proceeds as follows: The second Part surveys surveillance and the development of IoT within digital datamining practices. This Part then turns to discuss the potential interaction of children with IoT devices while offering a taxonomy of different types of IoT devices. Part III turns to discuss IoT in the context of children’s privacy. It begins with a general review of children’s right to privacy in general and the regulatory framework that governs it online. This Part then discusses said regulatory framework in light of IoT and suggests that merely recalibrating this framework might not advance children’s privacy protection to a great extent. Part IV further challenges the current regulatory framework set to protect children online. It begins with questioning the sectoral approach to privacy in general; adds non-legal modalities like the market, social norms, and technology to aid in such protection; and raises dilemmas on digital parenting and the future of children’s privacy in the always-on era. The final Part summarizes the discussion and suggests that the always-on era must not lead to the demise of privacy in general, and especially, that of children.
The full text of this Article is available to download as a PDF.