Chapter 35: Children, Teens, and Digital Vulnerability

"The best interest of the child shall be a primary consideration." — United Nations Convention on the Rights of the Child, Article 3 (1989)

Chapter Overview

In September 2021, Frances Haugen, a former Facebook data scientist, testified before the US Senate Commerce Subcommittee on Consumer Protection. She presented internal Facebook research showing that the company knew Instagram was harmful to teenage girls' mental health — and had not acted on that knowledge. "The company's leadership knows how to make Facebook and Instagram safer," Haugen testified, "but won't make the necessary changes because they have put their astronomical profits before people."

The testimony ignited a global debate about children's safety in digital environments. But the issues Haugen raised were not new. For over two decades, policymakers, researchers, and advocates had been struggling with a set of interconnected questions: How should data governance frameworks treat children differently from adults? At what age should young people be able to consent to data collection? How should age be verified without creating new privacy risks? And how should we balance children's protection with their developing autonomy, their right to access information, and their right to participate in the digital world?

This chapter examines these questions through the lenses of law, evidence, design, and ethics. It covers the major regulatory frameworks for children's data protection, the evidence on digital environments and youth mental health, the pandemic-era expansion of educational technology, and the principles for designing age-appropriate data systems. The VitraMed thread raises the particularly sensitive question of children's health data.

In this chapter, you will learn to: - Navigate the major regulatory frameworks governing children's data - Analyze the age verification paradox and evaluate proposed solutions - Assess the evidence on social media and youth mental health critically - Evaluate the data governance challenges of educational technology - Apply design principles for age-appropriate digital environments - Analyze the special obligations surrounding children's health data

35.1 The Regulatory Landscape: Protecting Children's Data

35.1.1 COPPA: The US Approach

The Children's Online Privacy Protection Act (COPPA), enacted in 1998 and enforced by the Federal Trade Commission (FTC), is the primary US law governing children's data online. Its key provisions:

Scope: COPPA applies to operators of websites and online services directed at children under 13, or that have actual knowledge that they are collecting personal information from children under 13.

Verifiable parental consent: Before collecting, using, or disclosing personal information from children under 13, operators must obtain verifiable parental consent. Acceptable methods include signed consent forms, credit card transactions, government ID verification, video calls, and knowledge-based authentication.

Notice requirements: Operators must provide clear, comprehensive privacy policies describing their data practices with respect to children's data.

Data minimization: Operators may not condition a child's participation in an activity on the collection of more personal information than is reasonably necessary.

Parental rights: Parents have the right to review personal information collected from their children, request deletion, and refuse further collection.

COPPA's limitations are significant:

• The age-13 threshold is arbitrary. COPPA protects children under 13 but provides no protection for teenagers 13-17 — precisely the age group most actively using social media and most vulnerable to its harms.
• The "actual knowledge" standard creates a loophole. Platforms that do not verify age — and therefore do not have "actual knowledge" that their users are under 13 — can avoid COPPA obligations. This incentivizes not knowing the age of users, creating a perverse dynamic.
• Parental consent is easily circumvented. Children routinely provide false birth dates to access platforms with age gates. The consent mechanisms, while legally required, are technically easy to bypass.
• Enforcement is reactive and resource-constrained. The FTC has brought COPPA enforcement actions — including a $170 million fine against YouTube in 2019 and a $520 million settlement with Epic Games (Fortnite) in 2022 — but these are sporadic relative to the scale of violations.

35.1.2 GDPR Article 8: The EU Approach

The EU's General Data Protection Regulation addresses children's data primarily through Article 8, which establishes the concept of a digital age of consent for information society services:

• Where consent is the legal basis for processing, the processing of a child's personal data is lawful only if the child is at least 16 years old (though member states may lower this threshold to as low as 13).
• Below this age, processing is lawful only if consent is given or authorized by the child's parent or guardian.
• The controller must make reasonable efforts to verify that consent is given or authorized by the parent, taking into account available technology.

The GDPR's approach differs from COPPA in several ways:

In practice, GDPR member states have adopted different ages: Ireland, France, and the Netherlands set the threshold at 16; the UK (pre-Brexit) and Spain at 13; Germany at 16; Belgium at 13. This variation creates compliance complexity for services operating across multiple EU member states.

35.1.3 The UK Age Appropriate Design Code

The UK's Age Appropriate Design Code (formally the Children's Code), which came into force in September 2021, represents the most comprehensive attempt to regulate the design of digital services for children. Developed by the UK Information Commissioner's Office (ICO), the Code establishes 15 standards that apply to any online service "likely to be accessed by children" (under 18):

Key standards include:

1. Best interests of the child. The best interests of the child should be a primary consideration in the design and development of online services.

2. Age-appropriate application. Services should assess the age range of their audience and apply the standards of the Code to each group.

3. Transparency. Privacy information should be provided in age-appropriate language, formats, and channels.

4. Data minimization. Collect and retain only the minimum amount of personal data necessary.

5. Sharing controls. Default settings should not share children's data with third parties unless there is a compelling reason.

6. Geolocation. Geolocation services should be switched off by default for children.

7. Parental controls. If parental monitoring tools are provided, children should be given age-appropriate information about the monitoring.

8. Profiling. Profiling should be switched off by default for children unless there is a compelling reason.

9. Nudge techniques. Do not use nudge techniques to encourage children to provide unnecessary personal data or to weaken or turn off their privacy protections.

10. Connected toys and devices. Apply the Code to connected toys and devices that process children's data.

The Code's most significant feature is its design orientation. Rather than regulating after the fact (as COPPA primarily does), the Code requires services to design for children's safety from the outset. This aligns with the privacy-by-design principles examined in Chapter 10 but applies them specifically to the developmental needs and vulnerabilities of children.

Callout Box: The Impact of the UK Age Appropriate Design Code

Despite being a UK regulation, the Code has had global impact because major platforms have implemented its requirements worldwide rather than maintaining different configurations for different jurisdictions:

• Instagram disabled direct messaging between adults and minors, defaulted teen accounts to private, and restricted advertisers' ability to target users under 18.
• TikTok disabled direct messaging for users under 16, disabled push notifications for users under 16 after 9 PM, and restricted live streaming to users over 16.
• YouTube disabled autoplay by default for users under 18 and removed overly commercial content from YouTube Kids.
• Google enabled SafeSearch by default for users under 18 and introduced auto-delete for location history for minors.

These changes affected billions of users worldwide — demonstrating that a well-designed national regulation can have extraterritorial impact through platform implementation choices.

35.2 The Age Verification Paradox

35.2.1 The Problem

Every children's data protection framework depends on knowing the user's age. But verifying age is itself a data collection act — creating a paradox: to protect children's privacy, you must first collect data about them.

Dr. Adeyemi framed the paradox sharply: "To protect a child from data collection, you first have to collect data about the child. The cure risks becoming the disease."

35.2.2 Methods and Their Tradeoffs

Several age verification approaches exist, each with distinct privacy implications:

Self-declaration. Users enter their birth date during account creation. This is the most common approach — and the least effective. Children routinely lie about their age, and platforms have little incentive to verify.

Credit card verification. Requiring a credit card transaction (even a nominal charge) to verify adult status. This is one of COPPA's approved methods for parental consent. Privacy implications: links the child's account to a parent's financial identity.

Government ID verification. Requiring users to upload a government-issued ID. This provides strong age verification but creates significant privacy risks: a centralized database of IDs linked to online accounts is a high-value target for data breaches and could enable surveillance.

Facial age estimation. AI systems estimate a user's age from a photograph or live video. This approach avoids the need for government ID but raises its own concerns: the accuracy of age estimation varies by demographic group (performing worse for non-white faces), the biometric data collected is itself sensitive, and the normalization of facial scanning for age verification could expand the surveillance infrastructure.

Age assurance through behavioral analysis. Analyzing user behavior (typing patterns, browsing behavior, language use) to estimate age without explicit verification. This approach is the least invasive but the least accurate — and raises concerns about covert profiling.

Digital identity systems. Proposals for privacy-preserving age verification through digital identity wallets that can attest to age without revealing other personal information. The EU's eIDAS 2.0 regulation envisions such a system, but it has not yet been widely deployed.

35.2.3 Navigating the Paradox

The age verification paradox does not have a clean solution. But several principles can guide governance decisions:

1. Proportionality. The intrusiveness of age verification should be proportional to the risks of the service. A social media platform with known mental health risks for teens warrants more robust verification than an educational website.

2. Data minimization. Age verification systems should collect the minimum data necessary. A system that verifies "this user is over 16" without revealing the user's exact age or identity is preferable to one that requires full identity documentation.

3. No new surveillance. Age verification should not create new surveillance capabilities. Systems that build centralized databases of verified identities linked to online activity create risks that may exceed the harms they prevent.

4. Shared responsibility. The burden of age verification should not fall entirely on children or parents. Platforms have a responsibility to design systems that protect minors — and regulators have a responsibility to set clear standards for how.

35.3 Youth Mental Health and Social Media

35.3.1 The Evidence Landscape

The relationship between social media use and youth mental health is one of the most contested empirical questions in contemporary social science. Strong claims are made on all sides, and the evidence is more nuanced than public discourse suggests.

What the research shows with reasonable confidence:

• Correlational association. Large-scale studies consistently find correlations between heavy social media use and higher rates of depression, anxiety, poor sleep, and negative body image among adolescents, particularly girls (Twenge et al., 2018; Kelly et al., 2019). The effect sizes are generally small to moderate — comparable to other known risk factors like lack of sleep or witnessing family conflict.

• Vulnerable subgroups. The effects of social media appear to be more pronounced for certain subgroups: girls more than boys, younger teens more than older teens, and those with pre-existing mental health conditions more than those without (Orben & Przybylski, 2019; Valkenburg et al., 2022).

• Specific mechanisms. Research has identified specific mechanisms through which social media may affect mental health: social comparison (comparing one's appearance and life to curated, filtered presentations), cyberbullying, sleep disruption (particularly from nighttime use), and displacement of activities (physical exercise, face-to-face social interaction) that support mental health.

• Internal platform research. Facebook's own internal research, made public through the Haugen disclosures, found that "32% of teen girls said that when they felt bad about their bodies, Instagram made them feel worse" and that "among teens who reported suicidal thoughts, 13% of British users and 6% of American users traced the desire to kill themselves to Instagram."

What remains uncertain:

• Causation vs. correlation. Most studies are correlational. It is possible that the causal arrow runs in the opposite direction: adolescents who are already depressed or anxious may use social media more as a coping mechanism. Longitudinal studies offer some evidence of bidirectional effects, but the causal question remains open.

• Effect sizes and significance. Orben and Przybylski's (2019) large-scale analysis found that the association between digital technology use and wellbeing was negative but very small — explaining less than 0.5% of the variation in adolescent wellbeing. They noted that the effect size was comparable to the negative association between wellbeing and regularly eating potatoes.

• Heterogeneity. The effects of social media are highly heterogeneous. For some adolescents — LGBTQ+ youth seeking community, teens in isolated rural areas maintaining friendships, young activists finding their voice — social media provides significant benefits. Blanket claims that social media is "harmful to teens" obscure this variation.

35.3.2 The Attention Economy and Vulnerable Users

Regardless of the precise effect size, the structural analysis is clear: social media platforms are designed to maximize engagement (Chapter 4), and children and adolescents are particularly susceptible to engagement-maximizing design because their executive function, impulse control, and capacity for critical evaluation are still developing.

Variable reward schedules — the unpredictable timing of likes, comments, and notifications — exploit the same neurological mechanisms targeted by gambling products. When applied to adolescent users, these mechanisms interact with developmental vulnerability in ways that adult users may not experience.

Dark patterns (Chapter 4) — design techniques that manipulate users into actions they would not otherwise take — are particularly effective against young users who lack the experience and critical distance to recognize manipulation.

Infinite scroll eliminates natural stopping cues, exploiting the same tendency toward "just one more" that developmental psychologists identify as characteristic of adolescent cognition.

"The question isn't whether social media causes mental health problems," Dr. Adeyemi said during the youth data seminar. "The question is whether platforms have an obligation to not exploit developmental vulnerability for profit. You don't need to prove that casinos cause gambling addiction to decide that casinos shouldn't be designed specifically to attract children."

Connection to Chapter 4: The attention economy's engagement-maximizing design, examined in Chapter 4, operates without regard to user age. But its effects are not age-neutral. The same design techniques that are manipulative for adults may be developmentally harmful for children and adolescents. Age-appropriate design requires modifying these techniques — not just adding age gates to unchanged platforms.

35.3.3 Regulatory and Platform Responses

The growing evidence and public concern have produced a wave of legislative and platform responses:

Legislative responses: - The Kids Online Safety Act (KOSA), introduced in the US Senate in 2022 and passed in 2024, requires platforms to provide minors with options to protect their information, disable addictive product features, and opt out of personalized recommendations. - Utah's Social Media Regulation Act (2023) requires parental consent for minors to use social media and imposes curfew restrictions. The law has faced legal challenges on First Amendment grounds. - Australia's Online Safety Act (2021) gives the eSafety Commissioner authority to order the removal of content that constitutes cyberbullying of children. - France's 2023 digital majority law requires parental consent for children under 15 to use social media and mandates age verification.

Platform responses: - Meta introduced "teen accounts" on Instagram in 2024, with restrictions on content recommendations, messaging, and notifications. - TikTok limited screen time for users under 18 to 60 minutes per day (with the ability to override). - YouTube established a separate YouTube Kids platform with curated content and restricted features.

35.4 Educational Technology and Student Data

35.4.1 The Pandemic Acceleration

When schools closed during the COVID-19 pandemic, educational technology (EdTech) went from supplementary to essential virtually overnight. Platforms like Google Classroom, Zoom, Canvas, and a proliferation of specialized learning tools became the infrastructure of education — and with them came an unprecedented expansion of student data collection.

The scale of data collection expanded dramatically:

• Students' faces, voices, and home environments were captured by video conferencing platforms for hours each day
• Learning management systems tracked every click, every assignment submission time, every quiz answer, and every forum post
• AI-powered tutoring systems collected detailed data on learning patterns, mistakes, time-on-task, and engagement
• Proctoring software — designed to prevent cheating on remote exams — monitored students' faces, eye movements, keystrokes, room environments, and browser activity

The governance gaps were immediate and significant:

• Many school districts adopted EdTech platforms under emergency conditions, without conducting privacy impact assessments or negotiating meaningful data protection terms
• Teachers were required to use platforms they had not evaluated and could not control
• Students were required to participate — there was no opt-out for a mandatory class meeting on Zoom
• Parents often did not know what data was being collected about their children or how it was being used

35.4.2 Student Data: FERPA and Its Limitations

In the United States, student data is governed primarily by the Family Educational Rights and Privacy Act (FERPA), enacted in 1974 — long before the digital age.

FERPA provides parents (and students over 18) with the right to access educational records, the right to request corrections, and the right to consent before educational records are disclosed to third parties. Schools may disclose records without consent to school officials with a "legitimate educational interest" and to organizations conducting studies on behalf of the school.

FERPA's limitations in the EdTech era are substantial:

• The "school official" exception has been broadly interpreted to include EdTech vendors acting on behalf of schools — effectively allowing third-party companies to access student data without individual consent.
• FERPA does not directly regulate EdTech companies — it regulates schools. If a school fails to impose adequate data protection requirements on its EdTech vendors, FERPA provides limited recourse.
• FERPA predates the data practices it now governs. It was designed for paper records in filing cabinets, not for real-time behavioral tracking across digital platforms.
• Enforcement is weak. FERPA's primary enforcement mechanism is the threat of withholding federal education funding — a sanction so severe that it is almost never used.

35.4.3 Proctoring Software: The Surveillance Classroom

Remote proctoring software deserves special attention as a case study in the tension between institutional convenience and student rights.

During the pandemic, proctoring platforms like Respondus LockDown Browser, ExamSoft, Proctorio, and ProctorU were adopted by thousands of educational institutions. These platforms employ a range of surveillance techniques:

• Facial recognition to verify student identity
• Eye-tracking to detect if a student looks away from the screen
• Room scanning requiring students to show their physical environment (including bedrooms, living spaces)
• Browser lockdown preventing students from accessing other applications or websites
• AI "suspicion scoring" that flags behaviors the algorithm considers indicative of cheating

The ethical concerns are significant:

• Privacy invasion. Requiring students to show their bedrooms and living spaces as a condition of taking an exam constitutes an invasion of domestic privacy — particularly for students in shared, small, or non-traditional living situations.
• Bias. Facial recognition systems perform less accurately on darker skin tones (Buolamwini & Gebru, 2018), meaning proctoring software may fail to recognize — or falsely flag — students of color at higher rates.
• Anxiety and performance. Research indicates that proctoring software increases test anxiety, which can reduce performance — particularly for students with testing anxiety or disabilities (Kharbat & Abu Daabes, 2021).
• Coercion. Students cannot meaningfully "consent" to proctoring software when the alternative is failing the course. The Consent Fiction is particularly acute when applied to minors and young adults in compulsory educational settings.

"I had to scan my bedroom to take a chemistry exam," one student told Dr. Adeyemi's class. "My roommate's medication was visible on the nightstand. My family photos were on the wall. All of that was recorded and sent to a company I'd never heard of. And the exam instructions said 'by proceeding, you consent to the terms of service.' What kind of consent is that?"

Callout Box: The EdTech Data Governance Checklist

For educators and administrators evaluating EdTech platforms:

1. Data inventory: What data does the platform collect? Is the collection proportionate to educational needs?
2. Purpose limitation: Is data used only for educational purposes, or also for advertising, product development, or third-party sharing?
3. Retention: How long is student data retained? Is it deleted when no longer needed?
4. Access and portability: Can students and parents access and download their data?
5. Security: What security measures protect student data? Has the platform experienced breaches?
6. Bias assessment: Has the platform been tested for bias across demographic groups?
7. Alternatives: Is there an alternative for students who object to the platform's data practices?

35.5 Design for Minors: Age-Appropriate Defaults

35.5.1 Principles of Age-Appropriate Design

The UK Age Appropriate Design Code's 15 standards (Section 35.1.3) provide a comprehensive framework, but they can be distilled into core design principles:

Privacy by default, not by choice. For adult users, platforms can arguably offer privacy settings that users choose to activate. For children, the starting position should be maximum privacy — all protections on, all sharing off, all tracking minimized. Children should not be required to navigate complex settings to protect themselves.

Developmental appropriateness. Design decisions should reflect the developmental stage of the user. A 7-year-old, a 12-year-old, and a 16-year-old have different cognitive capabilities, different vulnerabilities, and different needs for autonomy. Age-appropriate design is not a single setting but a spectrum.

No exploitation of developmental vulnerability. Dark patterns, variable reward schedules, and attention-maximizing design techniques should not be used with children. The business case for engagement maximization does not justify exploiting the cognitive limitations of developing minds.

Transparency in child-accessible language. Privacy information should be provided in language, formats, and channels appropriate to the child's age. A privacy policy written in legal language is not transparent to a 10-year-old, regardless of how clearly it is written for adults.

Parental involvement without surveillance. Parental controls should enable parents to protect their children without creating a surveillance relationship between parent and child. The UK Code specifies that if parental monitoring tools are provided, children should be informed — recognizing that covert parental surveillance of adolescents can undermine the trust relationships that support healthy development.

35.5.2 The Autonomy Gradient

A critical tension in children's data governance is between protection and autonomy. Children have a right to protection — but they also have developing capacities for self-determination. Treating a 17-year-old the same as a 7-year-old denies the older child's growing autonomy; treating a 7-year-old the same as an adult denies the younger child's need for protection.

The concept of an autonomy gradient — a gradual increase in autonomy and decrease in protection as children develop — offers a way to navigate this tension:

• Young children (under 7): Maximum protection. Parental consent required for all data collection. No profiling, no behavioral targeting, no engagement optimization.
• Pre-teens (7-12): High protection with emerging autonomy. Age-appropriate explanations of data practices. Limited customization options. Parental oversight with child awareness.
• Early teens (13-15): Moderate protection with significant autonomy. Ability to manage privacy settings with age-appropriate guidance. Parental role shifts from consent to oversight.
• Older teens (16-17): Reduced protection with near-adult autonomy. Most privacy decisions made by the teen. Parental role is advisory, not controlling. Full protection from dark patterns and exploitation remains.

"The autonomy gradient acknowledges something most regulations don't," Mira observed. "Childhood isn't a binary — you don't go from 'child' to 'adult' at midnight on your 13th or 16th birthday. It's a developmental process. Our data governance frameworks should reflect that."

35.6 VitraMed: Children's Health Data

35.6.1 A Heightened Sensitivity

VitraMed's expansion into pediatric health records introduced a layer of ethical complexity that tested every governance framework the company had developed.

Children's health data is among the most sensitive categories of personal data:

• Lifelong implications. Health data collected during childhood may remain in systems for decades, potentially affecting insurance, employment, and other life opportunities. A child diagnosed with a mental health condition at age 12 may find that diagnosis following them throughout adulthood.
• Consent limitations. Young children cannot meaningfully consent to health data collection. Parents consent on their behalf — but parental interests and children's interests are not always aligned. A parent who consents to share a child's health data with a school may not be acting in the child's interest if the data is used to restrict the child's opportunities.
• Developmental privacy. Adolescents have health concerns — related to sexual health, mental health, substance use, and identity — that they may not want their parents to know about. Health data systems must navigate the tension between parental access rights and adolescent health privacy.
• Predictive sensitivity. VitraMed's predictive models, applied to children's health data, could generate risk scores for conditions that the children themselves might not yet be aware of. Predicting that a 10-year-old has an elevated risk of depression or substance use disorder raises profound questions about whether such predictions should be generated at all — and if so, who should have access to them.

35.6.2 The VitraMed Pediatric Protocol

In the aftermath of the data breach and equity audit (Chapters 30 and 32), VitraMed developed a specific protocol for pediatric data that went beyond HIPAA requirements:

1. Enhanced data minimization. Collect the minimum data necessary for the specific clinical purpose. Do not apply general-purpose predictive models to pediatric data without a specific, justified clinical rationale.

2. Sunset provisions. Implement automatic review periods for pediatric health data. Data collected during childhood should be reviewed at age 18, with the now-adult individual given the right to review, modify, or delete data collected during their minority.

3. Adolescent privacy zones. For patients aged 14-17, create data categories that are accessible to the patient and their healthcare provider but not to parents — protecting adolescent health privacy for sensitive domains.

4. Predictive model restrictions. Prohibit the generation of predictive risk scores for conditions beyond the specific clinical context — no behavioral predictions, no mental health predictions generated outside a direct clinical relationship.

5. Community advisory input. Convene pediatric patient and parent advisory boards to review data practices affecting children, ensuring that the company's governance reflects the values and concerns of the families it serves.

Mira had pushed for these provisions internally, drawing on the principles she had learned in Dr. Adeyemi's course. "Children's health data isn't just smaller adult data," she argued. "It's data about people who didn't choose to be in our system, can't understand our policies, and will live with the consequences of our decisions for decades. That demands a higher standard."

Reflection: Consider a digital service you used as a child or teenager. What data did it collect about you? What data might it still retain? If you could access all the data collected about you between ages 10 and 17, what would you find — and how would you feel about it?

35.7 Chapter Summary

Key Concepts

• COPPA (US) protects children under 13 through parental consent requirements but leaves teens unprotected and contains significant loopholes. GDPR Article 8 (EU) establishes a higher age threshold (up to 16) with member state variation. The UK Age Appropriate Design Code goes furthest, requiring services to design for children's safety from the outset.
• The age verification paradox creates a fundamental tension: protecting children's privacy requires collecting the data necessary to verify their age. No current approach resolves this tension cleanly.
• The evidence on social media and youth mental health shows consistent but small-to-moderate correlational associations, with particularly concerning findings for teenage girls and vulnerable subgroups. Causation remains debated, but the structural analysis of engagement-maximizing design applied to developing minds is robust.
• Educational technology expanded dramatically during the pandemic, often without adequate data governance. Proctoring software raises particularly acute privacy concerns, especially given bias in facial recognition and the coercive nature of participation.
• Age-appropriate design requires privacy by default, developmental appropriateness, prohibition of dark patterns for minors, and an autonomy gradient that increases young people's self-determination as they develop.
• Children's health data demands heightened protections, including enhanced data minimization, sunset provisions, adolescent privacy zones, and restrictions on predictive modeling.

Key Debates

• Should the digital age of consent be raised (to protect more children) or lowered (to respect young people's growing autonomy)?
• Is age verification inherently privacy-invasive, or can privacy-preserving verification technologies resolve the paradox?
• Should platforms be prohibited from using engagement-maximizing design techniques on users under 18, even if those techniques are legal for adult users?
• Who should bear the cost of age-appropriate design — platforms (through reduced engagement and revenue), parents (through increased monitoring responsibility), or governments (through regulatory enforcement)?

Applied Framework

The Children's Data Protection Assessment: 1. Age identification — How does the service determine users' ages? Is the method proportionate and privacy-preserving? 2. Default settings — Are privacy-protective settings on by default for young users? 3. Design audit — Does the service use dark patterns, engagement-maximizing features, or variable reward schedules with minors? 4. Data minimization — Is data collection limited to what is necessary for the service's educational, health, or entertainment purpose? 5. Developmental appropriateness — Are data practices tailored to the developmental stage of the users? 6. Parental involvement — Does the parental role balance protection with the child's developing autonomy? 7. Sunset and review — Are there mechanisms for data review and deletion as children age?

What's Next

From the vulnerability of children, we turn to questions of power and secrecy at the highest levels of government. In Chapter 36: National Security, Intelligence, and Democratic Oversight, we examine the tension between mass surveillance programs justified by national security and the democratic oversight mechanisms designed to constrain them. Eli's analysis of surveillance's disproportionate impact on communities of color connects the youth vulnerability examined in this chapter to the structural patterns of power we've been tracking since Part 1.

Chapter 35 Exercises → exercises.md

Chapter 35 Quiz → quiz.md

Case Study: The UK Age Appropriate Design Code in Practice → case-study-01.md

Case Study: TikTok and Teen Mental Health — Evidence and Response → case-study-02.md