Denise Tayloe, PRIVO: “what everyone must be concerned about is the amount of data that is being collected”

First and foremost, it is the parents' duty to warn their children of the threats that are lurking in the virtual world. And, in addition to that, parents must set boundaries around spending time online.

While children spending countless hours online has been an issue since the connected devices became widely available, during the global pandemic, the time spent online significantly increased. Not only that, kids tend to download and use a variety of applications each day and in the meantime, expose vast amounts of personal information. There’s no denying that using measures like VPNs to encrypt one’s activity can add a layer of security, however, it ultimately comes down to raising cybersecurity awareness and limiting the time kids spend online.

Unfortunately, only a small number of kids are informed about cybersecurity. Therefore, we interviewed Denise Tayloe, the CEO, and Claire Quinn, the Chief Compliance Officer of PRIVO. They explain how PRIVO works to ensure online privacy, identity, and consent management and what measures are needed to protect our kids online.

Tell us more about your story. What inspired you to create PRIVO?

In the year 2000, co-founders & siblings, Denise and Ken Tayloe created a website directed at children and tripped over the new ruling at the time, the Children’s Online Privacy Protection Act (COPPA). The COPPA law empowered parents of children under 13 years old to have the final word regarding the collection, use, and disclosure of their children’s personal information online. The new law also required companies to handle children with special protections.

When we started, there were no roadmaps on how to protect privacy online, especially when it came to protecting children. We understood right away that businesses wouldn’t want to be responsible for holding all sorts of kids’ personally identifiable information, so we created the first iteration of a ‘data vault’ where PRIVO, as a trusted third party, would securely and safely hold data for her clients. PRIVO also pioneered the concept of helping parents manage the flood of COPPA consents we were being inundated with by creating a consent management tool in the form of a “Parent Portal”.

Now, with the trifecta of Big Data peering into every aspect of kids’ lives, the increase in data breaches, and parents’ understanding of the need to participate in their kids’ online lives, PRIVO’s innovations are more valuable and useful than ever before.

Can you introduce us to what you do? Why does protecting children’s data require special attention?

PRIVO is the first and leading global industry expert in children’s online privacy, identity, and delegated consent management. As an FTC-approved COPPA Safe Harbor since 2004, certifying hundreds of apps, sites, and games that are top-performing and well-known kid brands, PRIVO has been developing privacy solutions to empower positive, transparent, and secure online relationships between companies, families, and schools. PRIVO provides customers with end-to-end privacy solutions, helping businesses to either engage safely and legally with minors OR to restrict minors’ access, consistent with customer specifications or as required by law for select industries and verticals.

Some of PRIVO’s clients include Disney, Beano, Roald Dahl, Adobe, Toca Boca, Jam City, Elf on the Shelf, Spin Master, Moose Toys, NASA Optimus Prime Spinoff Promotion, and Research Challenge, PBS KIDS, Crayola, Kawasaki, Line Corp, and more.

Additionally, what issues can arise if proper measures are not in place?

Communities and sites can face enforcement action including fines under COPPA act violations, brand damage, and loss of trust and integrity from your users. You will lose engagement and value with your community. Advertisers and partners will drop you. It’s not just about the enforcement but also the loss of brand trust and integrity.

How do you think the recent global events affected the global state of cybersecurity?

The current state of the world is very scary. There is a picture we see of trust in communities for our future. The pandemic has been a driver behind the 70 percent increased usage of Internet out there (and the traffic is growing exponentially now). Children’s safety and online harms are now at the forefront. You need to know your audience. Privo Protect gives the app or community manager a signal. Kids are using things they have never been exposed to before. Kids were not exposed to Zoom before the pandemic. Lots of gaming and user experiences are brand new to this new generation of users.

Did you add any new features to your services as a result?

We are adding Privo Protect for parents – where consumers and parents have a signal to let these apps know they are dealing with a child, the age of a child for purposes of better treatment and handling. We now see more age-gating on these sites. Companies and community managers need to take the right action when the child is at your door.

What data privacy issues do you think more people should be concerned about at the moment?

Data privacy issues are very high on everyone’s minds and what should they be concerned about is the amount of data that is being collected. More and more biometric data is being collected. There is a lot of surveillance and risks associated with this collection. Even headsets are collecting data about you. You can ID an individual. It goes to psychological profiling. Even the Weight Watchers case in which teenage girls had a data privacy and collection issue and the company was pushing ad data out to these girls who felt they were too fat.

Multi-users and multi-devices of various ages are all playing role-playing games. There are 13 million headsets being used for these reasons. You as the adult don’t know who is on your game with you!

Besides implementing various security measures, what other actions can parents take to help their kids maintain a healthy relationship with modern devices?

What action can parents take? They need to be educated on what these devices actually do.

Parents can make sure children have a balance in their amount of screen time and check on what their child is actually doing online. Parents need to take a bolder stand. They need to stop being bullied by their own kids into allowing them total freedom.

You would not drop your child off at a playground without supervision.

In the age of online learning, what would you consider the essential security measures institutions should implement?

What should education do? Separate data from the big directories. Make sure that the PII is not taken by unknown sources. Schools have rich information. They have to be cautious.

In Fairfax County Public Schools in Virginia, we had a MAZE ransomware hacker and data breach including children’s online mental health records and the hacker ransomware group wanted $1 million to allow this data to be restored/not sold.

“In September, a criminal internet hacker group called Maze claimed to have stolen personal data from inside FCPS’ computer system. On the dark web, Maze showed a link to download a handful of the stolen documents, including letters from the school system to parents discussing disciplinary actions with their students”, reported NBC NEWS.

School districts are not qualified to know what big tech and edtech should be doing within their environments. We think it’s an issue. These are big systems. School systems can take action to flag devices to signal they are a K-12 student device and that should disable tracking or no tracking at all. It should really be that easy.

As for personal Internet use, what tools would you recommend to stay safe online?

For personal use, what tools should you have to stay safe? You must have a neutral, third party like PRIVO, which is a safe harbor under FTC, protecting your data. Personal use means the age must be verified. There used to be password-protected passes but kids have of course found a way around these “protections.

PRIVO Protect offers the best solution. Explore the privacy controls of the most widely used apps on your plan. Try to turn off the “Auto-On” and see if you can still consume the service in a worthwhile way. Don’t feel the need to share everything so that the company can better scrape your data profile.

Tell them you want your data deleted, it is within your rights. Turn off location data unless it is necessary. Turn off data tracking unless necessary. Once you turn off Ways, then stop the GPS.

Take a look at the terms of service. “It is sort of a love-hate relationship” with our devices and app terms of service.

If it is optional, try to default to “no.”

The “cookie consent” these days is really not intuitive. Only provide the necessary information and don’t just blindly accept cookie drops. We hope we see fewer and fewer cookies – they are on their way out!