Explains identification through third-party websites and the ethical questions this raises for youth production.
1.1 What is identification through a third-party website?
It’s when a digital platform wholly or partly delegates the user authentication process to a third party. For example, users who download your application are offered the option of signing in through their Facebook account and thereby skipping the registration process. Simplified authentication of this kind is offered by most mainstream social networks like Facebook, Google+ or Twitter.
1.2 Identification of children through third-party websites
While third-party authentication can be convenient for the user and of interest to the owner of a platform, the practice raises ethical questions when it comes to youth production.
The regulatory framework is designed to protect children who do not necessarily understand all the risks and issues associated with the collection and use of their personal information. To comply with this framework, most mainstream social networks prohibit users under 13 years of age from opening accounts. However, a number of studies have shown that young people regularly lie about their age in order to create a profile.
The United States addresses the question of third-party authentication in the Children’s Online Privacy Protection Act (COPPA).
UNITED STATES
Children’s Online Privacy Protection Act (COPPA)
Federal law to protect personal information about children collected online. COPPA applies to products that collect personal information from U.S. children under 13 years of age, including collection by companies based outside the U.S.
COPPA applies equally to social media. If your target audience is exclusively within the “under 13 years of age” group, integrating authentication through a public social network into your platform is strongly discouraged.
Additional information : Federal Trade Commission: Complying with COPPA: Frequently Asked Questions
Apple App Store
Applications that propose using an existing account for user authentication must have a privacy policy.
The major Canadian self-regulatory organizations do not mention third-party authentication.
- You can integrate registration through a third-party website if your platform is designed for preschoolers (0–5) and the parent is required to register in order to supervise or monitor their child or make recommendations related to their child’s profile (for example, monitoring the child’s progress through a learning website).
- If your platform exclusively targets users under 13 years of age, do not integrate third-party authentication or registration through mainstream social networks
- If your platform partially targets users under 13 years of age, install an age-screening mechanism. This lets you only offer third-party authentication to users over 13 years of age.
- If your target audience is in the “6–12 years of age” group and you integrate authentication through a social network (which is prohibited for minors under 13 years of age), you’re sending parents an odd message. Indirectly, you’re encouraging your users to create a profile on platforms that they are prohibited to access. This positions you in conflict with regulations designed to protect children.
