coppa
Auto Added by WPeMatico
Auto Added by WPeMatico
Instagram is done playing dumb about users’ ages. After nine years, Instagram is finally embracing more responsibility to protect underage kids from the problems with social media. It will now ask new users to input their birth date and bar users younger than 13 from joining. However, it won’t be asking existing users their age, so Instagram will turn a blind eye to any underage kids already amongst its 1 billion members.
Instagram will later start using age info to offer education about settings and new privacy controls for younger users. It’s also adding the option to only allow people you follow to message you, add you to a group or reply to your Story.
Yesterday we published an opinion piece noting that “Instagram still doesn’t age-check kids. That must change.” after receiving no-comments from Instagram after mobile researcher Jane Manchun Wong spotted Instagram prototyping an age-check feature. As the code she found indicated, Instagram will keep your birthday and date private, and sync it with your Facebook profile if you link your accounts.
Instagram had fallen far behind in protecting underage users. It’s relied on ignorance about users’ ages to avoid a $40,000 fine per violation of the Child Online Privacy Protection Act that bans services from collecting personal info from children younger than 13. “Asking for this information will help prevent underage people from joining Instagram, help us keep young people safer and enable more age-appropriate experiences overall,” Instagram notes.

Facebook, Snapchat and TikTok already require users to enter their birth date as soon as they start the signup process. TikTok built a whole separate section of its app where kids can watch videos but not post or comment, after it was fined $5.7 million by the FTC for violating COPPA.
As for why it took so long, an Instagram spokesperson tells TechCrunch, “Historically, we didn’t require people to tell us their age because we wanted Instagram to be a place where everyone can express themselves fully — irrespective of their identity.” That seems like a pretty thin excuse.
Adding the age check is a good first step for Instagram. But it should consider how it can do more to verify the ages users enter and keep out those who don’t belong exposed to strangers across the app. Moving in line with industry standards is attaining minimum viable responsibility. But an app so appealing to younger users and that deals in such sensitive data should be leading on safety, not just following the herd.
Powered by WPeMatico
Instagram dodges child safety laws. By not asking users their age upon signup, it can feign ignorance about how old they are. That way, it can’t be held liable for $40,000 per violation of the Child Online Privacy Protection Act. The law bans online services from collecting personally identifiable information about kids under 13 without parental consent. Yet Instagram is surely stockpiling that sensitive info about underage users, shrouded by the excuse that it doesn’t know who’s who.
But here, ignorance isn’t bliss. It’s dangerous. User growth at all costs is no longer acceptable.
It’s time for Instagram to step up and assume responsibility for protecting children, even if that means excluding them. Instagram needs to ask users’ age at sign up, work to verify they volunteer their accurate birthdate by all practical means, and enforce COPPA by removing users it knows are under 13. If it wants to allow tweens on its app, it needs to build a safe, dedicated experience where the app doesn’t suck in COPPA-restricted personal info.

Instagram is woefully behind its peers. Both Snapchat and TikTok require you to enter your age as soon as you start the sign up process. This should really be the minimum regulatory standard, and lawmakers should close the loophole allowing services to skirt compliance by not asking. If users register for an account, they should be required to enter an age of 13 or older.
Instagram’s parent company Facebook has been asking for birthdate during account registration since its earliest days. Sure, it adds one extra step to sign up, and impedes its growth numbers by discouraging kids to get hooked early on the social network. But it also benefits Facebook’s business by letting it accurately age-target ads.

Most importantly, at least Facebook is making a baseline effort to keep out underage users. Of course, as kids do when they want something, some are going to lie about their age and say they’re old enough. Ideally, Facebook would go further and try to verify the accuracy of a user’s age using other available data, and Instagram should too.
Both Facebook and Instagram currently have moderators lock the accounts of any users they stumble across that they suspect are under 13. Users must upload government-issued proof of age to regain control. That policy only went into effect last year after UK’s Channel 4 reported a Facebook moderator was told to ignore seemingly underage users unless they explicitly declared they were too young or were reported for being under 13. An extreme approach would be to require this for all signups, though that might be expensive, slow, significantly hurt signup rates, and annoy of-age users.

Instagram is currently on the other end of the spectrum. Doing nothing around age-gating seems recklessly negligent. When asked for comment about how why it doesn’t ask users’ ages, how it stops underage users from joining, and if it’s in violation of COPPA, Instagram declined to comment. The fact that Instagram claims to not know users’ ages seems to be in direct contradiction to it offering marketers custom ad targeting by age such as reaching just those that are 13.
Luckily, this could all change soon.
Mobile researcher and frequent TechCrunch tipster Jane Manchun Wong has spotted Instagram code inside its Android app that shows it’s prototyping an age-gating feature that rejects users under 13. It’s also tinkering with requiring your Instagram and Facebook birthdates to match. Instagram gave me a “no comment” when I asked about if these features would officially roll out to everyone.

Code in the app explains that “Providing your birthday helps us make sure you get the right Instagram experience. Only you will be able to see your birthday.” Beyond just deciding who to let in, Instagram could use this info to make sure users under 18 aren’t messaging with adult strangers, that users under 21 aren’t seeing ads for alcohol brands, and that potentially explicit content isn’t shown to minors.
Instagram’s inability to do any of this clashes with it and Facebook’s big talk this year about its commitment to safety. Instagram has worked to improve its approach to bullying, drug sales, self-harm, and election interference, yet there’s been not a word about age gating.

Meanwhile, underage users promote themselves on pages for hashtags like #12YearOld where it’s easy to find users who declare they’re that age right in their profile bio. It took me about 5 minutes to find creepy “You’re cute” comments from older men on seemingly underage girls’ photos. Clearly Instagram hasn’t been trying very hard to stop them from playing with the app.
I brought up the same unsettling situations on Musically, now known as TikTok, to its CEO Alex Zhu on stage at TechCrunch Disrupt in 2016. I grilled Zhu about letting 10-year-olds flaunt their bodies on his app. He tried to claim parents run all of these kids’ accounts, and got frustrated as we dug deeper into Musically’s failures here.
Thankfully, TikTok was eventually fined $5.7 million this year for violating COPPA and forced to change its ways. As part of its response, TikTok started showing an age gate to both new and existing users, removed all videos of users under 13, and restricted those users to a special TikTok Kids experience where they can’t post videos, comment, or provide any COPPA-restricted personal info.
If even a Chinese app social media app that Facebook CEO has warned threatens free speech with censorship is doing a better job protecting kids than Instagram, something’s gotta give. Instagram could follow suit, building a special section of its apps just for kids where they’re quarantined from conversing with older users that might prey on them.
Perhaps Facebook and Instagram’s hands-off approach stems from the fact that CEO Mark Zuckerberg doesn’t think the ban on under-13-year-olds should exist. Back in 2011, he said “That will be a fight we take on at some point . . . My philosophy is that for education you need to start at a really, really young age.” He’s put that into practice with Messenger Kids which lets 6 to 12-year-olds chat with their friends if parents approve.
The Facebook family of apps’ ad-driven business model and earnings depend on constant user growth that could be inhibited by stringent age gating. It surely doesn’t want to admit to parents it’s let kids slide into Instagram, that advertisers were paying to reach children too young to buy anything, and to Wall Street that it might not have 2.8 billion legal users across its apps as it claims.

But given Facebook and Instagram’s privacy scandals, addictive qualities, and impact on democracy, it seems like proper age-gating should be a priority as well as the subject of more regulatory scrutiny and public concern. Society has woken up to the harms of social media, yet Instagram erects no guards to keep kids from experiencing those ills for themselves. Until it makes an honest effort to stop kids from joining, the rest of Instagram’s safety initiatives ring hollow.
Powered by WPeMatico
A coalition of 22 consumer and public health advocacy groups, led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD), have today filed a complaint with the Federal Trade Commission asking them to investigate and sanction Google for how its Google Play Store markets apps to children. The complaint states that Google features apps designed for very young children in its Play Store’s “Family” section, many of which are violating federal children’s privacy law, exposing kids to inappropriate content and disregarding Google’s own policies by luring kids into making in-app purchases and watching ads.
Google Play ‘Family’ section
Google first introduced its “Designed for Families” program back in 2015, which gives developers of kid-friendly apps meeting certain guidelines additional visibility in the Play Store. This includes a placement in the Family section, where apps are organized by age appropriateness.
To qualify, “Family” apps must abide by specific content policies, Google’s Developer Distribution Agreement and the Designed for Families DDA Addendum. The apps also must meet the Designed for Families program requirements. Legal compliance with federal privacy laws, including COPPA (Children’s Online Privacy Protection Rule), are among the requirements.
COPPA is designed to protect children under the age of 13 by giving parents control over what information sites and apps can collect from their kids.

Above: Google Play store showcases children’s content in its own dedicated sections
COPPA violations
But the new FTC complaint claims that Google is not verifying COPPA compliance when it accepts these apps and, as a result, many are in continual violation of the law.
“Our research revealed a surprising number of privacy violations on Android apps for children, including sharing geolocation with third parties,” said Serge Egelman, a researcher at the University of California, Berkeley, in a statement shared by the group. “Given Google’s assertion that Designed for Families apps must be COPPA compliant, it’s disappointing these violations still abound, even after Google was alerted to the scale of the problem,” he added.
TechCrunch asked the coalition if it had some idea about how many apps were in violation of COPPA, and were told the groups don’t know an exact number.
“From our survey — and more comprehensive analyses like the PET Study — it seems fairly prevalent,” Lindsey Barrett, Staff Attorney at Georgetown’s Institute for Public Representation, told us.
“The PET Study found that 73 percent of the kids apps in the Play store transmitted sensitive data over the internet, and we saw apps sending geolocation without notice and verifiable parental consent, and sending personal information unencrypted,” Barrett said. “Further, under COPPA, children’s PII cannot be used for behavioral advertising. Yet, many of the children’s apps we looked at were sending information to ad networks which say their services should not be used with children’s apps,” she added.
Other harms
The apps also engage in other bad behaviors, like regularly showing ads that are difficult to exit or showing those that require viewing in order to continue the current game, according to the complaint. Some apps pressure kids into making in-app purchases — in one example, the game characters were crying if the kids didn’t buy the locked items, it notes. Others show ads for alcohol and gambling, despite those being barred by Google’s Ad Policy.

Above: disturbing images from TabTale apps
The coalition additionally called out some apps for containing “graphic, sexualized images” like TutoTOONS “Sweet Baby Girl Daycare 4 – Babysitting Fun,” which has more than 10 million downloads. (The game has a part where kids change a baby’s diaper, wipe their diaper area, then rub powder all over the baby’s body.) Others model harmful behavior, like TabTale’s “Crazy Eye Clinic,” which teaches children to clean their eyes with a sharp instrument, and has more than one million downloads. (The game is currently not available on Google Play and its webpage is down.)
The complaint also broadly takes issue with apps that use common SDKs like those from Unity or Flurry (disclosure: Flurry and TechCrunch share a corporate parent) to collect device identifiers from the children’s apps.
“Nearly three-quarters of the apps in the Family section transmit device identifiers to third parties,” reads the complaint. “There is no way for us to know for sure what the device identifiers are used for. Since many of the apps send device identifiers to third parties that specialize in monetizing apps and/or engaging in interest-based (behavioral) advertising, it seems unlikely that this information is being used solely to support internal operations,” it says.

Above: Strawberry Shortcake Puppy Palace was called out for aggressive monetization efforts. Strawberry tells kids to buy things to keep the puppy happy — the implication is if you don’t pay, you’re making puppies sad.
The groups say that Google has been aware of all these problems for some time, but hasn’t taken adequate steps to enforce its criteria for developers. As a result, the consumer advocacy groups are urging the FTC to investigate the Play Store’s practices.
The coalition had previously asked the FTC to investigate developers of children’s apps aimed at preschoolers who were using manipulative advertising. But today’s complaint is focused on Google.
“Google (Alphabet, Inc.) has long engaged in unethical and harmful business practices, especially when it comes to children,” explained Jeff Chester, executive director of the Center for Digital Democracy. “And the Federal Trade Commission has for too long ignored this problem, placing both children and their parents at risk over their loss of privacy, and exposing them to a powerful and manipulative marketing apparatus. As one of the world’s leading providers of content for kids online, Google continues to put the enormous profits they make from kids ahead of any concern for their welfare,” Chester said.
Apple was not similarly called out because a similar analysis has not yet been done on its app marketplace, Josh Golin, executive director at CCFC told us. In Google’s case, he explained, two major studies found widespread issues with the Play Store apps for kids. One from Berkeley researchers found widespread COPPA non-compliance; the other, by University of Michigan researchers, found children’s play experience was often completely interrupted and undermined by aggressive marketing tactics.
The complaint comes at a time where there is increased scrutiny as to how tech companies are misusing and abusing consumer data and violating privacy. Kids game have already been the subject of some concern. And this morning, an NYT investigation into Facebook revealed it had shared more of users’ personal data than disclosed with major tech companies, following a year of data scandals.
The issue of data privacy is an industry-wide problem. Tech companies’ failures on this front will likely lead to increased regulation going forward.
Not all the named developers were immediately available to comment this morning. We’ll update if comments are provided. (Update: TutoToons says they removed the inappropriate content from the app after becoming aware of the complaint. They urged parents and child advocacy groups to reach out to them directly in the future.)
Google says it’s taking the complaint seriously. It has removed thousands of apps from its Designed for Families program this year, and rejects a third of applications.
“Parents want their children to be safe online and we work hard to protect them. Apps in our Designed for Families program have to comply with strict policies on content, privacy and advertising, and we take action on any policy violations that we find,” a Google spokesperson says. “We take these issues very seriously and continue to work hard to remove any content that is inappropriately aimed at children from our platform,” they added.
The full complaint is below.
Powered by WPeMatico
Facebook is opening up to children under age 13 with a privacy-focused app designed to neutralize child predator threats that plague youth-focused competitors like Snapchat. Rolling out today on iOS in the U.S., “Messenger Kids” lets parents download the app on their child’s phone or tablet, create a profile for them and approve friends and family with whom they can text… Read More
Powered by WPeMatico