Privacy Groups Urge Facebook to Improve Privacy and Marketing Safeguards

June 18, 2011

Mr. Mark Zuckerberg

Facebook Corporate Office

1601 S. California Ave.

Palo Alto, CA 94304


Dear Mr. Zuckerberg:

On June 3, 2012, the Wall Street Journal published an article reporting that Facebook is currently exploring ways to allow children under 13 to access the site under parental supervision.[1] Facebook currently prohibits children under the age of 13 from opening an account.  This practice appears to be based on the need to comply with the Children’s Online Privacy Protection Act (COPPA). According to the article, Facebook is currently testing mechanisms such as “connecting children's accounts to their parents' and controls that would allow parents to decide whom their kids can “friend” and what applications they can use.”[2] To date, Facebook has neither confirmed nor denied the information in this report.

If your company chooses to move in this direction, it must develop marketing and privacy safeguards for children, and ensure that the site is in full compliance with COPPA.

Recent surveys by Consumer Reports® have shown that over 5.6 million children under the age of 13 continue to hold and use a Facebook account, in violation of Facebook’s terms of use.[3] In addition, some studies have shown that many parents help their pre-teens set up Facebook accounts with false dates of birth, so that their children can communicate with family and friends.[4] Once a child has registered for a Facebook account with a false birthday, he or she is then treated either as a teen or an adult on the site, depending on the stated age, and subjected to the same data collection and marketing practices used to target older users.  It is important to note here that the data collection and social media marketing practices targeting adolescents on Facebook have already raised privacy and public health concerns.

In light of the many underage kids currently using Facebook, we are glad that the company appears to be recognizing the problem and seeking a solution for addressing the needs of younger children and their parents.  However, the company’s business model relies, at its very core, on data collection, ad targeting, and viral marketing, and many of its practices have generated public and government privacy concerns.  If Facebook opens itself up to a younger audiences, we want assurances that any space created for children under the age of 13 on the site is safe, parent-guided and controlled, and, most importantly, free of ads (including the range of practices that are routinely employed through social media marketing).

We urge Facebook to forgo collecting or using pre-teens’ information to show them ads, expose them to social media marketing practices, or analyze and track their activity using social analytics for commercial purposes. This includes information shared on the Facebook site and throughout its platform, including its mobile service. Safeguards also need to be put in place to address information that Facebook collects when the user is logged in, off-site, and lands on a page with a Facebook button on it. Children and their network of friends should not be subject to behavioral or personalized marketing efforts.

The pre-teen experience on Facebook should be ad-free in its entirety. Research shows that children often have a difficult time differentiating between advertising and other media content, especially in the digital context. Children should be allowed to “Like” a company or product on Facebook, with their parents’ consent. But that information should not then be used to target that child with ads, nor should it be used to conduct social media marketing, in order to convince the child’s friends to also interact with the product or company.

As you know, the Federal Trade Commission is currently revising the rules for COPPA, in order to ensure they remain in step with the rapid changes in digital media, including the growth of social networking and mobile platforms.  The new rules are expected to be announced in the next few months.  In the meantime, we have listed some recommended safeguards that our organizations believe must be incorporated into any Facebook initiative to allow pre-teens on the social network:

Parental Control

  • Pre-teens whose parents have Facebook accounts should be required to link their account with that of their parents. Parents without Facebook accounts whose kids wish to sign up for the site must be able to monitor and pre-approve their kids’ activities on the site through other means. Facebook could, for example, give parents separate login credentials to access and review the child’s account, or it could allow parents to review kids’ activities through email.
  • Parents must have granular control over every action taken by the child that results in sharing personally-identifying information with Facebook or with others on the site, including friend requests and responses, app and game use, posts and status updates, photos, and messages. Parents should be notified when a child takes such an action, and should be given to opportunity to approve (or reject) the action before it takes effect on the site.
  • In order for parents to provide meaningful consent and to effectively monitor their children’s activities on Facebook, they must understand how the site works. A dedicated education campaign should accompany any plans to allow pre-teens on the site, written in a style that can easily be understood by parents, as well as their children. In addition, parents setting up their child’s account should be given a simple tutorial as to how the site works, how information is collected and used, how their child can interact with the site, and how the parent can stay involved.
  • Pre-teens will probably want to download apps and play games on Facebook. Many of these games, however, feature in-app purchases for various game components. In the context of the Apple store, this has caused serious problems, because children were able to make in-app purchases without their parents’ knowledge and consent, leaving the parents to face a massive phone bill at the end of the month. The same risks also surround Facebook apps. Facebook must ensure that each and every in-app purchase feature is enabled only with the parents’ express consent.

Account Settings

  • All settings for pre-teen accounts must be as privacy-protective as possible. For example, children should not be able to share profile information with “friends of friends” or with the public at large. Kids’ names and profile pictures should not be made public to individuals who are not their friends.

The safeguards discussed above, which are not meant to be exhaustive, must address the entire Facebook platform, including access through mobile phone apps, as well as the Facebook Connect system that allows for log-ins to other sites via Facebook.

We would be happy to discuss our recommendations with you in more detail. We hope that as Facebook explores ways to give pre-teens legal access to the site, it will collaborate closely and regularly with privacy advocates and regulators, to ensure that its initiatives foster robust privacy and safety standards and protections for our children.


Thank you for your consideration.

Consumers Union

Center for Digital Democracy

The Academy of Child and Adolescent Psychiatry

Center for Science in the Public Interest

ChangeLab Solutions/Public Health Law & Policy

Children Now

Consumer Action

Consumer Federation of America

Consumer Watchdog

Privacy Rights Clearinghouse

Privacy Times

Public Citizen

World Privacy Forum

[1] Anton Troianovski and Shayndi Raice, Facebook Explores Giving Kids Access.” Wall Street Journal, June 3, 2012. Available at:

[2] Id.

[3] “Facebook and Your Privacy.” Consumer Reports, June 2012. Available at:

[4] danah boyd et al., “Why Parents Help Their Children Lie to Facebook About Age.” First Monday, Vol. 16, No. 11, November 2011. Available at: