Last week, BBB National Programs’ Center for Industry Self-Regulation announced the launch of the TeenAge Privacy Program (TAPP) Roadmap, “a new operational framework designed to help companies develop digital products and services that consider and respond to the heightened potential of risks and harms to teenage consumers, and to ensure that businesses collect and manage teen data responsibly.” 

Teens (defined in the Roadmap as folks 13 to 17 years old, inclusive) are super active on the internet, but they fall into a sort of gray space: they are not kids (and therefore not entitled to protection under COPPA), but they are not adults, either. As the Roadmap acknowledges, “the teenage stage of cognitive and social development means that the risks and harms implicit in the use of digital products and services may differ in both kind and degree for teen users.”

The Roadmap provides guidance on how businesses can proactively engage with teenage consumers while being mindful of the content and data privacy concerns unique to that age group. The Roadmap aims to (i) foster teen awareness of data privacy, which the Roadmap refers to as “data hygiene”; (ii) encourage the responsible processing of teen data; (iii) build guardrails for teen interactions with others online; and (iv) reflect on appropriate content for teens. Principally, the Roadmap urges businesses to avoid the inappropriate treatment of teen users as adults and to stop normalizing the over-collection of personal information.

Key takeaways from the TAPP Roadmap:

Don’t over-collect.

  • Use default settings to minimize data collection to what is necessary for the delivery of the product or service the consumer expects.
  • Implement clear disclosures and fine-tuned controls where collection would otherwise exceed expectations, including affirmative opt-in consent wherever possible.

Don’t retain data for longer than is necessary.

  • Avoid using teen info as part of a “permanent record” that follows them into adulthood.
  • Give teens control over their digital footprint and allow for changes in behavior and interests to be reflected.
  • Review whether holding teen information for an extended period of time would potentially result in a bias or harm (whether or not that data is still being used).

Be mindful of the impact of ad targeting. 

  • Avoid targeting content to teens using a single criterion that could be especially sensitive to teens or amplify existing insecurities (e.g., body odor, hair loss, weight).
  • Allow users to see what information was used to target them with ads (i.e., why am I seeing this ad?) wherever possible 
  • Supplement messaging/advertising with content that  counteracts the potential negative impact of the targeting.

Be careful with geolocation data.

  • Provide clear, up-front, opt-in disclosures for the collection of geolocation data.
  • Set the default to not collect precise geolocation data without opt-in.  
  • Serve routine reminders of ongoing collection of precise geolocation data (both in-context reminders and through other media, like email).
  • Turn off collection and use by default after inactivity or the end of the session.

Empower teens to take control of their digital interactions.

  • Provide functionality to block, mute, or pause other users.
  • Provide fine-tuned audience controls to allow users to limit visibility of their own content and to flag and remove unwanted reactions to their content.
  • Give users control over who can contract them directly and who cannot.

Keep content age-appropriate.

  • Implement algorithmic content monitoring to filter out inappropriate or adult-only content.  
  • Automate suppression of identified harmful content.
  • Flag, warn, and remove users for posting illegal content.

The Roadmap is not enforceable law, but it provides useful guidance to companies that engage with teenage consumers and handle teen data.