06. PERSONALIZATION AND PROFILING

Explains the issues related to personalization and profile creation in youth production.

1.1 What do “personalization” and “profiling” mean?

Personalization is a broad term encompassing the features that let users adjust items to their tastes and preferences — for example, choosing their page colour, creating an avatar, filling in a free text field, selecting a profile photo, saving links, etc.

Personalization data are what let children create online profiles (avatars) or manage personal spaces according to their preferences (“My home page”).

Be careful when personalization enables personal information to be publicly shared. For example, in the “About you” field on a personal page that other users can view, a child might be tempted to disclose personal information that identifies her/him. To protect users who are children, you must be attentive to this and regulate your personalization options.

1.2 What aspects of profile creation require particular attention?

Creating a user profile can involve personal information. The golden rule is to limit the collection of personal information to the minimum necessary to provide your service. For example, during registration, it’s better to ask for an alias (username) rather than someone’s real name. Click here for details on registering through third-party sites (e.g. Facebook Login).

It is also essential to link profile creation and personalization to privacy policies and the protection of personal data. In this sense, parents should be informed of these practices and asked to provide their consent, especially when such practices target sites or applications aimed at users under 13 years of age. For users aged 13 and up, the personalization and profile creation processes can be considered as similar to those authorized for social networks.

Personalization and profile creation both affect the protection of personal data. For more information on this topic, click here.

UNITED STATES

Children’s Online Privacy Protection Act (COPPA)

Federal law to protect personal information about children collected online. COPPA applies to products that collect personal information from U.S. children under 13 years of age, including collection by companies based outside the U.S.

Under COPPA, you cannot ask a child for more information than what is required to take part in the activity. Ensure that the information requested for profile creation is “reasonable.”

COPPA holds you responsible for all personal information collected through your platform. This includes information that you request from the child as well data colleted inadvertently — for example, personal information revealed while filling out fields. Ensure that children share no personal information for which you have not obtained verifiable parental consent.

Additional information:

Federal Trade Commission: COPPA Rule: A Six-Step Compliance Plan for Your Business

Collection of Personal Information

CANADA, EUROPEAN UNION, FRANCE & AUSTRALIA

Personalization and profile creation both affect the protection of personal data. For more information on this topic, click here.

Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)

Getting Accountability Right with a Privacy Management Program

European Union: Directive on Privacy and Electronic Communications

Handbook on European Data Protection Law

France: Act on Information Technology, Data Files and Civil Liberties

Commission nationale de l’informatique et des libertés (CNIL)

Australia: Privacy Act

Office of the Australian Information Commissioner: Privacy law reform

Apple App Store

An application cannot require users to provide personal information in order to use it.

Additional information

Personalization and profile creation are not covered by any self-regulatory programs. Users can rely on the regulation in effect.

  • When your website or app requires personalization or profile creation, make sure you obtain parental consent and clearly indicate these practices in your privacy and personal information protection policies.
  • Consider how you will present your profile section in terms of your audience’s maturity (e.g. creating a parent’s login, the information to which parents have access, whether this access is total or partial, etc.).
  • If possible, allow users to enjoy your platform without requiring them to create a profile (optional registration).
  • When profile creation is required for your operations, explain why. For example: “This lets us save your game progress.”
  • During creation of the profile and/or in personalization areas, post a reminder specifying the kinds of information users must not disclose.
  • Install preventive mechanisms to avoid having children publicly disclose personal information. For example:
    • Offer a tool for generating usernames.
    • Replace free text fields by drop-down menus with pre-selected options.
    • Block numbers on the keypad to prevent having the street address and/or phone number revealed.
    • Implement verification measures to clear all personal information before the user submits the data online.

Bibliography.