Delhi High Court expressed its grief on lack of adequate laws to address the issue of protection of children from online abuse on July 16, 2013. A bench of Acting Chief Justice and Justice Vibhu Bhakru said, “The world has gone way ahead, we are way behind.” They were hearing a PIL questioning how children below 13 years of age can open an account on social networking sites like Facebook and Orkut.

In US, as per the Children’s Online Privacy Protection Act (COPRA), a child below 13 years of age is not allowed to open an account. COPRA requires websites to establish and maintain reasonable procedure to protect the confidentiality, security and integrity of personal information collected from children. According to this law, the websites should minimise the data to be collected in the first place and then they should take reasonable steps to release information only to those service providers who are capable of maintaining its confidentiality, security and integrity. In India, we don’t have any such law.

Many websites, particularly those promoting open system, do not offer enough security. Many a time, children’s accounts may be targeted with undesirable ads of products containing tobacco, porn, anti-pregnancy tests, violent video games, junk food etc.

Data security and privacy issues of school going children are of major concern inalmost every country of the world. While the developing world and its youth are embracing technology in all its forms and moving towards integrating it in all spheres of everyday life, there will always be a downside. Before anyone takes stock of the situation, it has already surpassed controllable limits. Though sites like Google offer security and privacy tools, for a common user, it is difficult to understand and set those levels by adults.

In most countries, a person below 18 years is not legally capable of entering into a binding contract. Yet many sites ask for user identification and have no procedure to ensure that children under the age of 18 do not enter into any legally binding agreements.

The effect: Social action groups have filed public interest litigation in the courts to ensure that sites incorporate somesafeguards to protect children below the age of 18 from entering into legally binding contracts.

While this scenario highlights the aspect of legality involved when children access social networking websites, there is another major issue which needs to be addressed before it is again too late to salvage the situation: The privacy of children.

It is somewhat possible to monitor the activity of children on the Internet when at home, but the situation becomes very different when they are given access to the Internet at places such as schools. Now a days most children carry smartphones and their access to internet is easier.

Governments, in their hope to embrace a more holistic and technologically savvy system of teaching and education, are encouraging children’s access to Internetservices in schools. We are all familiar with such ‘free’ consumer services as Gmail. Today, many schools – in India and around the world – are contracting with Internet firms for institutional versions of these consumer services.

For example, Google offers Google Apps for Education, which is based on Gmail; while Microsoft offers Office 365, which relies on that firm’s email server software.

These ‘cloud’ services are very attractive to schools because they are not required to own any computers or software themselves. Instead, everything is handled by the firm providing the service. Furthermore, Google and Microsoft offer these services to schools around the world for little or no charge.

While it is commendable that younger children are able to work with computers and smartphones and sophisticated Internet services such as these, one must take a pause and question the price our children might have to pay for it.

The problem is that some–though not all– of the firms providing these cloud services make their money from advertising. In the consumer versions of their free services, these firms’ computers read the emails of their customers and watch the web pages that their customers visit. Then they create profiles of each user and use the profiles to target the users with online publicity.

For adults who agree to such an arrangement, perhaps there is no objection. But when children are followed online and targeted in this way, it is a serious concern.

The risks of cloud services are that educational institutions no longer have as much control over the personal data. Prior to engaging in business with a cloud computing provider, an educational institution should conduct due diligence on the provider and make sure that the provider has a good reputation accompanied by good privacy and security practices.

The schools must be especially vigilant to ensure that the provider has pledged neverto create profiles of what children do online for purposes of advertising or marketing.

CARU (Children’s Advertising Review Unit) in US has issued certain guidelines related to internet under COPRA, which includes that operators of websites for children or children’s portions of general audience sites should not knowingly link to pages of other sites that do not comply with CARU’s guidelines. In addition, sites collecting personally identifiable information from visitors under the age of 13 must obtain consent from parents prior to collecting such information.

Recently, the giant online-services provider, Google, in a law suit filed in a federal court in California, has acknowledged scanning the contents of millions of email messages sent and received by student users of the company’s Apps for Education tool suite for schools. Google “scans and indexes” the emails of all Apps for Education users for a variety of purposes, including potential advertising, via automated processes that cannot be turned off—even for Apps for Education customers who elect not to receive ads. The company would not say whether those email scans are used to help build profiles of students or other Apps for Education users, but said the results of its data mining are not used to actually target ads to Apps for Education users unless they choose to receive them. The case is highly troubling and likely to further escalate rising concerns that protection of children’s private educational information is too lax. The confusion is contributing to a growing circumspection of cloud-based education service providers, such as Google, among some K-12 officials.

If the privacy of children is at stake and their personal information starts being used by reckless third parties purely for their own financial gains, it is time that we take a considered stand against such practices and make sure we afford our children a technological environment which is not only beneficial to their growth, but is also safe and does not encroach their person or right to privacy.