OPINION: Disney settlement shows parents' rights over online content for children

Disney’s recent $10 million settlement with the federal government over collecting personal data from children reinforces the power parents have when it comes to some online content.

The Federal Trade Commission complaint against Disney accused the company of failing to properly label some videos it uploaded to YouTube as “Made for Kids.” That resulted in data being collected from children under age 13 for use in targeted advertising, the FTC says.

Online sites that are directed to young children are required to get the approval of parents for any personal information collected, under the Children’s Online Privacy Protection Rule.

The FTC complaint also said the mislabeling exposed children to age-inappropriate YouTube features such as autoplay to videos not “Made for Kids.”

“Our order penalizes Disney’s abuse of parents’ trust, and, through a mandated video-review program, makes room for the future of protecting kids online … ,” FTC Chairman Andrew Ferguson said in a statement.

The Disney Worldwide Services response: “Disney has a long tradition of embracing the highest standards of compliance with children’s privacy laws, and we remain committed to investing in the tools needed to continue being a leader in this space.”

Here is what to know about the Children’s Privacy Act, signed into law in 1998, and how to protect children online, according to the FTC:

• Review the website or app’s privacy policy regarding how the company plans to use your child’s information. Sites that are covered by the children’s privacy rule — such as those directed toward children — must notify parents and seek parental consent for any information they want to collect.
• Know that parents have the right to refuse consent. “But consent is not all-or-nothing. For example, you might give the company permission to collect your child’s personal information but not allow it to share that information with others,” the FTC says.

If you do give consent, you have the right to:

• Review the information collected regarding your child.
• Revoke consent.
• Have your child’s information deleted.

Scammers sneak into iCloud Calendar

In an apparently new kind of attack, iCloud Calendar is being used to send phishing emails to users. The emails come from an Apple address and appear in the “Notes” field of an iCloud calendar invite, according to Bleeping Computer, a cybersecurity website. The address makes it more likely the email will bypass spam filters.

In one incident, an email claimed to be a payment receipt for a $599 purchase made against the recipient’s PayPal account. The person was given a phone number to “discuss or make changes to this payment.”

The goal is to get the person to call and dispute the charge and then con them into providing personal information. Or, the email senders might say they need to connect to your computer to provide a refund, asking you to download software.