Loki Foundation

Facebook Messenger Kids childrens privacy COVID19 lockdown

Facebook Messenger Kids: Safety standard or sketchy stopgap?

COVID-19 lockdown: Changing childhoods

Socialising has always been a huge part of what it means to be a kid. Everyone has fond (and not-so-fond) memories of the hours they spent getting up to mischief with their childhood friends. But the internet has changed what it means to be a kid. A hangout isn’t just a hangout, it’s a Google Hangout. Playing games no longer means rushing to the downball court at lunchtime, it means joining a Minecraft server or getting a Victory Royale.

And with kids around the world in COVID-19 lockdown, their social lives have changed even more — for better or worse. Kids no longer have a choice between in-person or online. Usage of child-oriented apps like Google’s YouTube Kids and Facebook’s Messenger Kids is skyrocketing as lockdown drags on. 


And now, Facebook’s newest offering for kids — Messenger Kids — is arriving on Australia’s shores. Messenger Kids makes bold claims about putting children’s privacy first — but its privacy track record is far from perfect. Parents would be right to be wary of an offering from a company whose business model relies on harvesting and analysing as much information as possible. 

Messenger Kids — with its extensive options for parents to monitor and surveil their children’s messaging activities — is designed to give parents peace of mind. But really, all Messenger Kids offers parents is a false sense of security. The reality is it’s much better to educate kids about ways for them to stay safe online, rather than trying to monitor and control their every move. Kids will inevitably find ways to escape the ‘walled garden’ apps like Messenger Kids. And if they don’t know how to keep themselves safe when they do, they’ll be venturing out onto the wider internet unguided and uneducated.

These are the measures private companies are putting out to give parents some measure of control over their kids’ online lives. But what protections do governments offer to back up those companies — or keep them in line?

Protecting children online: Striking a balance

In Australia, online privacy protections start with the Privacy Act (1988), which regulates the collection and handling of personal information. However, this Act doesn’t place specific limitations on different kinds of digital information being traded online, and it doesn’t outline any specific additional protections for children. There have been numerous calls for legislative reform to institute additional privacy protections for Australian children.

So far, however, those calls have fallen on deaf ears — or ears somewhat hard of hearing, at least.

In 2010, the Australian Law Reform Commission (ALRC) issued a ruling which concluded that the current online privacy protection for children — specifically with respect to marketing — was sufficient, and that few additional changes were necessary. The ALRC did make some recommendations to limit data collection from individuals under the age of 16, which would have been a small but important step in the right direction — however, those reform recommendations have not been acted upon.

What about other countries?

In the US, child privacy is primarily governed by the Children’s Online Privacy Protection Act 1998 (COPPA). Among other things, COPPA mandates that companies targeting children must have clear privacy policies attached to their apps and services, that verifiable parental consent must be obtained before an underage person is allowed to use a service, and that parents must be able to view copies of the information a company collects on their child(ren). Companies have incurred fines in the millions of dollars for breaching COPPA, so it’s not exactly toothless. However, COPPA has come under fire from virtually every angle since it was first passed into law, with everyone from business owners to parents criticising it for either going too far, or not far enough.

The European Union’s General Data Protection Regulation (GDPR), widely hailed as the contemporary benchmark for online privacy protection, provides a similar range of protections for EU citizens under 16 years old. Just as with COPPA, though, the GDPR has been attacked both for being too draconian, and for having too many holes — especially when it comes to children’s privacy. 

Other countries have taken children’s online privacy further still. In South Korea, for example, ISPs are required to confirm the legal identities of any would-be internet users before they’re allowed to connect to the internet. This allows the government to monitor children’s online activity, hold them accountable for cyberbullying incidents, and ensure that companies aren’t playing fast and loose with their data. But critics have been quick to point out that these measures also give the South Korean government near-complete control over internet access in the country — which poses a new and different range of risks.

How to keep kids safe online: Education, not regulation

So, with all that in mind, how do we keep our kids safe in this brave new world? With more of their social lives moving online than ever before, it has never been more crucial to strike the balance between privacy and protection, education and supervision. It’s a fine line to walk, but walk it we must. 

At the end of the day, every parent is free to make decisions about what’s best for their children. But remember: educate, don’t regulate. Kids will usually find ways around the restrictions of Messenger Kids, YouTube Kids, and other child-oriented platforms. And even if they don’t, they’ll simply grow up, and grow into using the unregulated versions of those platforms. It’s our responsibility to make sure that the next generation has the information they need to make good decisions when they do inevitably venture out onto the wider internet.