Mitigating Risk and Ensuring Human Flourishing Using Design Standards: IEEE 2089–2021 an Age Appropriate Digital Services Framework for Children

Citation: K. Michael, "Mitigating Risk and Ensuring Human Flourishing Using Design Standards: IEEE 2089–2021 an Age Appropriate Digital Services Framework for Children," in IEEE Transactions on Technology and Society, vol. 5, no. 4, pp. 342-354, Dec. 2024, doi: 10.1109/TTS.2024.3453396.

Abstract:

Online digital services have changed the way that people interact. Companies provide apps for download allowing users of any age to experience them through smartphones and tablets among other devices. To date, company policies have acted as pseudo-guidelines for recommended use. But what happens when apps that were never designed for children are acquired and used by them? To mitigate potential risks the IEEE 2089–2021 standard was developed- an age appropriate digital services framework for children. The standard stipulates the need for a risk-based age appropriate register by which developers can do away with potential intolerable harms on children during the design phase, and keep track of unintended hazards, in order to counteract ongoing negative impacts on children, allowing them to thrive and flourish. Supplementing international law, state regulations, and company policies related to acceptable use, IEEE 2089–2021 provides a benchmark for how children’s apps should be designed based on the 5Rights Principles. Technical standards can be considered a type of soft law, supplementing hard law like treaties or acts, and even non-legally binding instruments like declarations and policies. Together this panoply of safeguards can mitigate the potential for flaws in product development, ranging from data privacy breaches, location tracking default features, nudging toward in-gaming purchases and autoscrolling, child labor toward data annotation, and adverse metaverse experiences. But given the rapidity of product development cycles, it is technical standards that can have the most immediate effect on the pacing problem ensuring that child rights impact assessments (CRIA) are implemented in practice.

SECTION I.

Introduction

Astandard can be defined as attaining a certain level of achievement or quality [1, p. 1366f]. It can be considered an approved model ready for use; something that can be compared against; or even a generally accepted norm that is recognized by agreement [2, p. 1605]. A standard applies to rules, principles, and ideals that through common consent can be used as a comparison to determine the value or social level of something [3, p. 2019]. While standards cover a diverse range of activities, in the commercial context they are typically about “making a product, managing a process, delivering a service or supplying materials” [4]. In the field of computing, official standards are documented usually in the form of technical specifications or criteria that are precise and unambiguous. Standards can be considered as “guidelines, or definitions of characteristics, in order to ensure that materials, products, processes and services are fit for their purpose” [5, p. 418]. When new services, products, or innovations are distributed and diffused, they may only reach their maximum potential if indeed, the standards are open, public, and accessible. This does not mean that proprietary standards are unlikely in the market, but rather that technology-focused companies are continuously inventing and highly creative, and will consider the major impact of an innovation, especially if that innovation requires a new standard. The process of standardizing a product or process is lengthy and requires stakeholders to come together, ideally toward the establishment of an international standard [5]. The aim of any standard is to be adopted by stakeholders and implemented until the lifetime of that standard expires.

This paper is focused on a framework that should underpin the process of designing age appropriate digital products and services with children [6], [7]. Companies that build intangible services that are delivered electronically for the mass market increasingly have child users, even if the policy for the digital application states that a user should be persons over a given age: at least 13 years of age (e.g., Snapchat and TikTok), at least 16 years of age (e.g., Instagram), at least 18 years of age (e.g., YouTube age-restricted videos) [8], [9]. Although legal definitions vary on what age constitutes a child, it is generally held that a child is any person under the age of 18, unless “under the law applicable to the child, majority is attained earlier” [10]. However, there are no safeguards in place to guarantee a subscriber is the age they purport to be, and age verification strategies and mechanisms continue to be a minefield to implement. The underlying philosophy with a standard such as the one undertaken by the IEEE 2089 working group was to ensure that adequate innovation design with children in mind takes place prior to diffusion, and that continuous improvements take place post-deployment to treat risks that may emerge unexpectedly or in anticipation of possible usage with unintended consequences [11].

Companies making digital services targeted at children could benefit from benchmarking their internal design processes against a standard toward establishing best practice. According to the Merriam-Webster Dictionary a benchmark is “something that serves as a standard by which others may be measured or judged.” Thus, when an entity seeks to standardize, they attempt to make, regulate, establish, or adopt something as a standard [3, p. 2020]. The IEEE 2089 standard is a voluntary framework that aims to address the issue of appropriate design of children’s digital products and services. The framework is based on the 5Rights principles for children (Table I) in addition to acknowledging the role of additional age appropriate strategies, policies, design codes, assessments, and tools (e.g., EU-UNICEF’s Child Rights Toolkit). By seeking standardization across the industry, standards are applied that encourage the conception and development of digital products and services that would allow children to enjoy the benefits of online interactions and mitigate the negative externalities that would otherwise require major adjustments to innovations post deployment [12, p. 520]. It may be possible to raise the quality of services presented to children to better meet fundamental requirements related to their rights if these five principles are incorporated as cornerstones during the design phase [13].

TABLE I 5Rights Framework


SECTION II.

Types of Standards

The most effective standards for mass market applications are pitched at the international level. While regional and national standards exist, unlike spectrum-related standards that may differ country-by-country in terms of frequency bands, international standards have a global coverage, can be adopted in any market, are agnostic to specific legislation and can be adapted/amended and applied to suit the environmental conditions of the locale. The International Organization for Standardization (ISO) is an example of an international standards setting body, although it is the Institute for Electrical and Electronics Engineers (IEEE) that has an even larger geographic footprint than ISO. Examples of regional standards include the European Telecommunications Standards Institute (ETSI) and the European Committee for Standardization (CEN), while examples of national standards bodies include the American National Standards Institute (ANSI) and the British Standards Institution (BSI). Standards bodies work together and in partnership with one another to ensure harmonization, global reach, coordination, non-duplication, and marketability [14, p. 8]. Thus, a standard dedicated to children is incredibly important to protect the rights of a child. Table II contains the Project Authorization Request (PAR) approved by the IEEE Standards Association and sponsored by IEEE Consumer Technology Society (CTS)/ Emerging Technology Standards Committee.

TABLE II PAR for IEEE 2089 Approved on June 13, 2019


SECTION III.

Standards and Regulations

Standards are voluntary in nature and work in concert with existing laws and regulations in each country. While technical standards can be considered “soft law” because they are not legally binding, they do have the positive effect of providing a benchmark for companies to follow [15, p. 168]. Standards also act to supplement existing processes in an organization. When a company compares their organizational practices against a voluntary standard, they are free to choose the stages or phases that they have yet to adopt and integrate these as additional steps to enhance the innovation process. The combination of soft laws and hard laws (e.g., regulation [16, p. 11]) serve to provide an even stronger protection for children against intended or unintended exploitation.

A. International Soft-Binding Laws

In the field of international law, there is a declaration and convention that can be used to assess whether child rights are upheld in context. These include: (1) the Universal Declaration of Human Rights (UDHR) [17]; and (2) the United Nations Convention on the Rights of the Child (UN CRC) [10]. With respect to the UDHR, it should be underscored that the declaration is not a treaty and is not legally binding. But it is considered a milestone document in the history of human rights, drafted by different legal and cultural backgrounds, representing all regions of the world, and adopted by the UN General Assembly in Paris on December 10, 1948. In article 25 (Section 2) we read “Motherhood and childhood are entitled to special care and assistance.” Thus, children must be granted additional support and assistance in every context, including when they are engaged in an activity related to a digital service. The Universal Declaration, most importantly, does not directly create legal obligations for countries, however, it is an expression of the fundamental values which are shared by all members of the international community.

The United Nations Convention on the Rights of the Child is made up of 54 articles, and in the context of age appropriate digital services for children, the articles that are directly relevant in the Convention include: 3, 12, 16, 17, 31, 32, and 36. Let’s briefly review these one by one and keep in mind the importance of social responsibility in the field of computing:

  • Article 3. Best interests of a child. All organizations concerned with children should work towards what is best for each child.

  • Article 12. Respect for children’s views. Children have the right to say what they think should happen when adults are making decisions that affect them...

  • Article 16. Protection of privacy. Children have the right to privacy. The law should protect them from attacks against their way of life...

  • Article 17. Access to information. Children have the right to reliable information… Especially with respect to mass media

  • Article 31. Rest, play, culture, arts. Children have the right to relax, play and to join in a wide range of leisure activities.

  • Article 32. Protection from harmful work. Governments should protect children from work that is dangerous or that might harm their health or education.

  • Article 36. Protection from exploitation. Children should be protected from any activities that could harm their development [18].

Now despite that the Convention was adopted by the UN General Assembly in 1989, when digital services for children did not exist in the same way they do today, the Convention is still entirely relevant to how children interact with social media, smartphones, video-on-demand, and Internet services. The UNCRC General Comment No. 25 of 2021 aims to bring the Convention into the modern context where children’s playgrounds extend to the digital realm. It is here that guidance on how States should implement the Convention with respect to children and the digital environment is provided in terms of relevant laws and policies and other measures to ensure that State parties are compliant with their obligations to the Convention. This is a critical time for adherence to the Convention, given the “opportunities, risks and challenges in promoting, respecting, protecting and fulfilling all children’s rights in the digital environment” [19]. This year alone has seen a number of high-profile cases relating to social media addiction [20], and teen suicide related to sextortion [21], and more. Of relevance is the new Digital Services Act (DSA) and the measures in the EU to protect children and young people online that addresses issues relating to cyberbullying, illegal content, and the simplification of terms and conditions, among other topics [22], [23]. The EU AI Act has also partially entered into force with the hope that Article 5 will protect vulnerable persons belonging to a specific group, for example, based on age, a physical disability or mental disability, from artificial intelligence (AI)-based services that may cause them harm(s) [24].

B. National and Local Laws and Regulations

Regulations that support digital services for children can be categorized into five groups: (1) children’s data protection regulation; (2) consumer legislation; (3) equality legislation; (4) children-related Acts; and (5) health and safety legislation (see Table III). None of these regulations or laws can be said to be technology centric. If anything, they are specific to the human person, in this case a child, and together as a patchwork of statutes they serve to protect the child. There is a strong functional relationship between standards, and laws and regulations. Standards upkeep organizational practices but may be absent. For example, an organization may be fined for breaching a child’s online data privacy, held accountable only through prescriptive economic regulatory instruments at the meso layer. For individual cases at the micro layer, laws exist to protect a child from harm, for example, when an adult user masquerades as a child to gain membership to a teens’ online group for the purposes of stalking. Of course, individuals (e.g., children) can misuse digital services that were never built with children in mind to begin with (i.e., breaking with acceptable use policies and age-related policies) but the focus predominantly with soft and hard laws has to do with protection of the person, as opposed to unacceptable use by child users. Federal government regulators or agencies (e.g., Federal Trade Commission or the Department of Justice) can also become involved at the macro layer providing warnings to organizations through investigations, among other controls.

TABLE III Examples of Regulations Linked to IEEE 2089

In essence, standards are examples of archetypal “soft law” programs [25]. In the longer term, soft laws may act to influence the creation of hard laws, tending from voluntary to prescriptive and from informational to regulatory standards, in addition to enforceability from non-binding to binding, and from no legal sanctions to unconditional legal sanctions [26]. The relationship between standards, and regulation and the law are a two-thronged approach in strengthening service delivery, increasingly underpinned by corporate social responsibility [27]. Both approaches are complementary. On the one hand, computers, software, platforms, and systems continue to undergo rapid innovation cycles. It would be futile to attempt to protect children every time an innovation was diffused into the market by creating a law that would take anywhere between 3–5 years to be enacted and that with precedent. Technical standards are the best instrument we can use in a positive sense to encourage the adoption of best practice in the design, development, and delivery of emerging digital services for children [28]. Children become part of the design process as either participants or co-designers playing an integral role in the product or service innovation [29, pp. 45–46].

SECTION IV.

Standards Development

The Institute for Electrical and Electronics Engineers Standards Association (IEEE SA) is a standards development organization (SDO). IEEE SA is accredited to develop standards using open, and transparent processes. IEEE SA presently has membership in over 175 countries, with over 34,000 global participants, who have or are currently engaged in over 2,100 projects [30]. Importantly there are two paths to standards development within IEEE: (1) a standards group is formed by participants that are individual technical experts; or (2) a standards group is formed by participants that are entities such as companies, universities, government bodies, etc. In the case of the latter, representatives are sent by entities to the standards meetings. A minimum of ten individuals forms a ballot group, while three entities are needed for the alternate standards group. In each approach, each individual or entity has only one vote during the ballot process [32, p. 10].

A. From Project Request to Drafting the Standard

There are six stages in the development of a standard at IEEE (Fig. 1). The first three stages are dedicated to establishing a project, a working group and drafting of the standard, while the last three stages are about appropriately balloting the standard, gaining final approval and thereafter publication, maintaining the standard. A key document that initiates a project is the Project Authorization Request (PAR) which clearly states the reason for the project and what it intends to achieve. The PAR is a legal document and initiates the standards development project [32]. Every PAR has a Standards Committee to oversee the project, and is usually sponsored by a relevant IEEE Society. In forming a Working Group that will participate in meetings toward the drafting of a standard, participants are invited independent of their IEEE affiliation, encouraging as broad representation as possible. Participants should have expertise that is relevant and useful to the Working Group with a strong interest in either the technology being standardized, or the process being defined [33]. A broad call for participation ensures a balance in representation for all impacted parties. In the drafting of a given standard, support is provided by IEEE that oversees more than 500 Working Groups and publishes more than 100 standards annually [34]. Training and templates are available to support the drafting of the standard, as well as checklists and policies.

Fig. 1.

Six Stages to the Development of a Standard at IEEE SA. Adapted from https://standards.ieee.org/develop/.

B. Balloting the Standard, Final Approval and Maintenance

When a standard seems stable and looks like it can go forward to the balloting phase, a balloting group that consists of both individual experts, and other interested entities come together to assess the standard. While anyone can comment from the public, only eligible members of the balloting group can approve or disapprove with comments on the standard, usually for a period of between 30–60 days. When three quarters of the eligible members (usually producers or users of the standard) in the ballot group provide a “yes” vote, then a consensus is said to have been achieved, and the Working Group Chair attempts to resolve any outstanding negative comments that may need addressing [35], [36]. The standard will then be recirculated to the ballot group until technical comments have been deemed to be dealt with appropriately, and editorial comments are checked. The ballot group has the right to go through the standard again for any outstanding items, and when consensus is reached, the standard goes into the final approval stage. The Standards Review Committee (RevCom) will approve the standard (or disapprove it), after which point an IEEE SA editor, will go through the final draft, prior to publication. An IEEE standard is valid for up to ten years, at which time it is either revised or withdrawn. The end-to-end standards process can take between 2–3 years on average, though some standards have taken longer to create.

C. Harmonization: Collaborating With Partner Standards Development Organizations

At its very core, IEEE emphasizes that standards development is about collaboration, bringing people together for mutual benefit. As a global institute, IEEE has global reach and has the propensity to positively impact society at large with a unique technical depth in its membership. IEEE standards transcend borders, despite that country-specific standards may persist. Borderless commerce is influencing the need for global standards that IEEE is able to develop, as technological, industrial and geographic lines are blurring [31]. As an SDO, IEEE also encourages collaboration with other international organizations. For example, IEEE and the European Committee for Standardization (CEN) in cooperation with the European Committee for Electrotechnical Standardization (CENELEC) have collaborated on a European-based age appropriate digital services framework based on IEEE 2089–2021 [37]. The CEN-CENELEC Workshop Agreement (CWA) “can be used by engineers and technologists as in to consider children’s rights and well-being throughout the stages of concept exploration and development. It provides implementable processes to help align innovation management to make processes, system design approaches, and software engineering methods age appropriate and, in doing so, reduce risk and, wherever possible, amplify the benefits of the digital world for end users under the age of 18” [38].

SECTION V.

Standards for Children

Section V presents the emergent approaches that have been adopted since 2008 but predominantly over the last 5 years to respond to matters pertaining to child rights online. As processes continue to mature within organizations and government agencies, increasingly specific approaches to child rights impact assessments are emergent, superseding those human rights or social impact assessments in specificity to the rights of children. This has been a critical shift not only in literature but in practice. Despite this emphasis, violations of the law persist as will be described.

A. Existing Technology-Related Assessments, Tools and Frameworks

Soft law can come in the form of diverse initiatives. We can speculate, that if individual organizations do the right thing by children, then corporate social responsibility soft law initiatives would be entirely complementary to hard law (e.g., treaties) [39]. Although some of the literature is mixed on the topic, with theorists asking whether soft law compromises hard law or destabilizes the normative system by undermining it, there are some typical forms of soft law that corporations interested in social responsibility might consider. These include: (1) statements and principles; (2) codes of conduct and codes of practice; (3) recommendations and guidelines; (4) policy declarations; and (5) communications, standards, and action plans [40]. Key literature that is associated with the age appropriate framework discussion and also the conduct of child rights impact assessments (CRIA) of a varied kind, can be found in Table IV. These key sources demonstrate the need to develop a technology standard that would better and more directly address the needs of children during the development of digital services.

TABLE IV Key Literature in Child Rights Impact Assessments and Associated Age Appropriate Framework Discussions









SECTION VI.

Violations of the Law Persist

Photo by Compare Fibre on Unsplash‍ ‍

Despite growing support for CRIA in the form of tools and toolkits, large organizations with significant numbers of subscribers (child users in the millions) continue to find themselves in legal dilemmas. In recent times we have witnessed penalties handed down to global organizations in the hundreds of millions of dollars in response to violations of the law, specifically against children [54]. The point here is not to single out industry players for intentional or unintentional breaches in the law, but to demonstrate that all entities involved in the development of digital services for children must be accountable for preserving the health and wellbeing of their users and adhere to national/international laws and regulations, and technical standards where they exist. Every organization should consider their internal design and development processes for digital services and products toward sustainable solutions and ensure they are responsible corporates.

The novelty of new services on the Internet has by now worn off. Nevertheless, we are witnessing even shorter innovation cycles, that are impacting the children’s space, in the form of:

  1. radical innovations: rare but can have a significant impact on children, e.g., VR in the Metaverse; or

  2. architectural innovations: that can have significant changes on the way children interact with digital services through, e.g., an ID bridge, which allows for a single sign-on between online applications; or

  3. modular innovations: that have a high component impact allowing devices children use to go for longer through longer-lasting batteries; or

  4. incremental innovations: that are plentiful sometimes going under the radar because they are very frequent and at times invisible (e.g., feature toggles and defaults) [55]. Those incremental innovations which are frequent and minor additions/adaptations are likely responsible for privacy-related data breaches exactly because they hit a blind spot.

The questions about “what” we are doing with children’s data, and the child’s right to privacy, and the child’s right not to be subject to targeted advertising, endorsement, and product placements (i.e., the very act of duping a child), have begun to rise to the fore, as has awareness about behavioral science techniques that nudge and encourage impulsive buying (e.g., in-game purchasing) and addictive behaviors in minors (e.g., autoscrolling) [56], among other harmful practices. Table V presents diverse representative cases and the fines that companies have faced because of violations of the law in specific markets. It should be emphasized that a breach in one market may not be considered a breach in another. Differences are highly dependent on societal and cultural values and norms, and organizations with digital products and services with a global footprint, need to begin to customize their applications according to the expectations of local communities [57]. This should not be seen by organizations to complicate software engineering processes, but to enhance them, and possibly as a competitive advantage flow-on effect, even attract a greater number of customers given better alignment [58].

TABLE V Organizational Violations of the Law against Children

One size does not fit all, in terms of online applications. Services for adults and those for children are not the same. No, we should not be monetizing a child’s personal data; and that data should remain private, as was stipulated in the UN CRC. We should also not be using youth in a gamified way toward artificial intelligence data annotation and labelling tasks within social media platforms [69]. This is, to knowingly manipulate and exploit minors as unpaid laborers in the pursuit of profits and not the public interest. This is diminishing the human person and robbing children of attention [70]. So, the question remains, if there is an instance of hard law in place through a treaty or a regulation like the GDPR (General Data Protection Regulation), why are we seeing large organizations reoffend, and pay such huge penalties for violations of the law? In searching for a reason as to why, for example, there have been so many significant child privacy-related data breaches by corporations, we can assume that these breaches are either unintentional or intentional flaws in the design process.

SECTION VII.

Unintentional or Intentional Design Flaws?

No one can underestimate the complexity of modern-day socio-technical systems with cyber-physical-social realities [71]. Large organizations are at times a victim of their own rapid growth. While BigTech firms are often synonymous with hockey stick growth, getting a product to market to ensure first-mover advantage and market share retention places great pressure on employees and internal organizational processes, the regulation of new service offerings, and timely stakeholder responses [72].

A. The Pacing Problem

One might hypothesize that the reason for these penalties handed down to corporations in the multi-millions is squarely related to the pacing problem defined as “the growing gap between the pace of technology and the lagging responsiveness of legal and ethical oversight society relies on to govern emerging technologies” [69], [73]. That is companies are innovating at such a fast pace, they do not realize they have left themselves open to the mishandling of children’s data, or privacy breaches related to children because existing laws and regulations have previously not been in place or enforced. One can imagine if tech could speak, it might say “catch me if you can”. But regulators have caught up, as have laws, as have technical standards, and as finally, have consumers through digital literacy education and cybersafety awareness campaigns. Might these successive large-scale penalties finally tame the insatiable desire for more and more data? Or will this trend continue? Equally, might this be an issue related to a gap in skillset availability with respect to governance of emerging innovations? Do we need dedicated privacy and security champions to ensure the careful handling of children’s data or something else? Might this mean new hires in the form of public interest technologists working closely with development teams [74] toward purpose-driven innovation [75]?

B. The Organization’s Risk Appetite

An alternate hypothesis is that organizations have intentionally designed flaws in their digital product and service offerings for children. That organizations have been fully aware that enabling certain functions (e.g., default settings of geolocation tracking on social media used by children) during the design phase is not in congruence with international laws on the rights of children, nor of the provision of assistance of children, nor on the rights of the privacy of a child. Have corporations decided that they will continue to innovate by pushing the boundaries of discovery, and going forward until they are stopped by a monitoring delegation given their ability to absorb the associated risks?

A company’s risk appetite is defined as the level of risk that an organization is prepared to accept in pursuit of its objectives before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings [76]. But human-centered design approaches do not tout the profit motive above the person. Organizations should not be contemplating strategic decisions toward a plausible risk appetite that can absorb fines. Organizations should be spending the necessary time and budget into researching innovative ways to design that aligns with local values and technical standards, to creatively revolutionize their design thinking approaches with children as design partners.

C. Ethics and Practical Intentionality

While there is a significant body of literature on the ethics of intentionality, intentional design, and moral responsibility of the organization with the human-computer interaction space (e.g., the ACM Interaction Design and Children Conference), this article is focused on the application of ethical principles into design action via a technical standard. While some see ethical principles as toothless [77], others write in defense of ethical guidelines [78]. Modern interpretations of intentionality, ethics, practice, and responsibility are also useful in this discussion, as our actions and behaviors as designers and developers are driven by respective value systems [79]. These are not homogeneous. As a community of technologists there is a moral responsibility to society at large [80]. It is true however, that no matter how much we talk of ethics in organizations, no matter how much we tout the benefits of corporate social responsibility, unless we begin afresh to understand that responsibility requires action, we will fail in our ultimate aim of developing digital products and services that are fit for purpose, and not just fit. This is what will allow child users to flourish and reach their potential [81]. And to be clear, this is not a once off consideration of ethical principles embedded in design approaches but a dynamic and continuous vigilance on how to improve services, even if that means that profit margins are mindfully decreased in the public interest. Enter the need for a technical standard that may be a middle ground between legal instruments of enforcement and those that are not legally binding. This may be what the sector requires as an example of best practice to supplement existing proprietary child-centric design processes.

SECTION VIII.

IEEE 2089-2021

The 5Rights organization is led by Baroness Beeban Kidron who has had a major impact on raising awareness about child rights both in the UK and internationally. IEEE 2089 is just the beginning of a suite of standards around children’s rights (e.g., already under development is the Online Age Verification standard IEEE P2089.1 [82] and the Standard for Terms and Conditions for Children’s Online Engagement IEEE P2089.2 [83]). The IEEE 2089–2021 standard, titled Age Appropriate Digital Services Framework (AADSF) based on the 5Rights Principles for Children has five main components as depicted in Fig. 2. These components are not meant to be conveyed as linear stages in a process, but rather serve as the cornerstones of the AADSF lifecycle. This section describes the key activities of the standard describing aspects of requirements, design, implementation, and operation and maintenance considerations with direct links to upholding children’s rights.

Fig. 2.

Main Components of the Age Appropriate Digital Services Framework for Children [Adapted from IEEE 2089-2021, pp. 13–44].





A. 5Rights Principles and Multi-Stakeholder Consultation

The key areas of the 5Rights principles include that digital products and services must:

  1. recognize child users and meet their needs and diversity;

  2. consider the capacity of a child and uphold their rights;

  3. ensure a child-centered approach to data use;

  4. provide moderation and redress to a child user; and

  5. present published terms in an age appropriate format [84]. One of the benefits of using the standard is that it provides an in-built impact rating system and corresponding evaluation criteria for the end-to-end value chain, helping independent software vendors, hardware providers, service providers, content providers, public institutions, and the educational sector on how best to address the criteria.


IEEE 2089–2021 is not a piece of hardware, and it is not a protocol, it is a process- a set of activities organizations engage in during design of digital services for children. IEEE 2089–2021 implements a life cycle model: “a framework of processes and activities” [84]. As depicted in Fig. 2, the first component incorporates the preparation phase. This is still a preliminary step trying to understand the sustainable viability (social, economic, environmental) of the proposed commercial project in the context of diverse stakeholder consultation with the establishment of an age appropriate register (AAR) and the early identification of intentional/ unintentional impacts.

The standard also defines a set of processes that create what is essentially a set of fair terms to proactively address the expectations of children, parents, educators, and even other adults, and ensure that legal obligations are met [IEEE 2089-2021, p. 22]. Children are active participants in the process as co-designers. Additional stakeholders that might be considered integral to the design process include third parties that have specific interests, for example, an owner or developer of an app, a regulator, a trade association, a data broker, an agent, or other stakeholder. The standard incorporates risk management/ mitigation considerations.

B. Build an Interdisciplinary Team and Ensure Accountability

The strength of the standard is in its specificity. It establishes requirements for the inclusion of appropriate and accountable stakeholders across organizational transactions. On the technology supply side, the standard is aimed at:

  1. an organization: to help establish appropriate internal processes;

  2. a project team: to help select, structure, and employ the elements necessary to provide age appropriate digital products and services;

  3. an acquirer and a supplier: to help develop an agreement concerning processes and activities that are age appropriate;

  4. by process assessors: toward organizational process improvements using the reference model for performance assessment [IEEE 2089-2021, p. 20].


Internal to the organization the key roles in age appropriate engineering project teams are suggested as follows: top management champion, system expert, age appropriate lead, child rights advocate, senior product manager, moderator, transparency manager [IEEE 2089-2021, pp. 24–26]. Of course, the hiring of this many job types working concertedly on child-centric digital services will not always be seemingly economically viable, but these wages will surely cost substantially less than the penalties that have been handed down to corporations.

C. Assess and Treat the Risks Using an Age Appropriate Register

The unique approach taken by IEEE 2089–2021 is that of the risk-based age appropriate register (AAR). AAR is an information repository created for clarity, unambiguity, and reasons of traceability for a company’s product or service that contains data and insights gained in child impact exploration, prioritization, and product/service requirements (see Fig. 3). Organizations that abide by the standard should (1) review the AAR for areas of functional and operational impact on children; (2) identify criteria for risk tolerability of hazards, opportunities, and requirements in each context of use; and (3) enable assessments of tolerability level for each risk and establishes the necessity for further risk mitigation. In essence, a project team must make the decision whether a risk can be accepted/owned or it is not tolerable and requires risk treatment. The aim for any team is in the reduction or elimination of an intolerable risk that would otherwise cause harm to a child if left unchecked.

Fig. 3.

The Case for Age Appropriate Conformity Provides a Structured Account of an Organization’s Ethical and Technical Activities for Auditability in the Development of Children’s Products and Services [Adapted from IEEE 2089-2021, pp. 45–46].


The AAR is not a static register. Factors, functions, features, contexts, cases, and/or examples that are recorded in the register at the requirements phase of the project should be followed through from design to implementation and beyond. There is in fact a time scale that is crucially important in the AAR that should be revisited periodically based on the adopted organization’s software methodology. In essence, the AAR is evidence to a potential auditor, or regulator for the historical considerations and actions made by the company (see Fig. 3). The AAR should contain relevant details against each record, such as a definition, a detailed description, software module instance(s) for addressing the matter, and the level of risk/reward, and the level of importance. These can be mapped onto a graphical matrix (such as in figure 4) to assist in identifying hazards and opportunities that can be dealt with. Prioritizing the potential rewards and benefits and the possible harms and negative externalities will only lead to a more robust product offering for children [IEEE 2089-2021, pp. 40–42]. Addressing risks to an acceptable level will have a direct effect on child users, allowing them to enjoy the digital product or service in a manner that will preserve their wellbeing. With promises of full-scale immersion in the context of eXtended Reality (XR) apps in the Metaverse, some decisions may well be to keep children out of some service offerings meant only for adults [85]. Measures taken must be recorded, verifiable and the commensurate outcomes recorded against the AAR post deployment of an offering. The construction of the initial AAR may be formed through media reports based on real cases, interviews with children and parents, or even be speculative through scenario-based brainstorming by the development team. But a period of stakeholder consultation for a low fidelity and high-fidelity prototype is vital.

Fig. 4.

A Pictorial Representation of a Risk-Based Age Appropriate Register Mapped to a Matrix.

D. Operation and Maintenance

After the service offering is deployed and in operation, child users and other stakeholders may provide feedback directly to the company via Web-based or in-app correspondence. Members of the interdisciplinary project team should also seek continual improvement to refine the digital product or service offering by incorporating stakeholder suggestions and revisions, and scanning the external environment for changes in legislation that may impact the plan of records, or new evidence on how best to maintain the health and wellbeing of children [92]. At the time that the offering has reached its lifetime, the company may consider decommissioning the application and cease further development [IEEE 2089-2021, pp. 42–44]. This can happen if a given digital product or service was developed for a given market whose government has opted to ban that product or service for legal reasons. Of the utmost importance is the way that children’s data is handled, and ultimately deleted.

SECTION IX.

IEEE 2089–2021 in Practice

What might reduce the number of privacy breaches by corporations against children? To reiterate, we have hard laws in the form of treaties that are legally binding agreements but has this offset the number of penalties handed down to big companies? Should corporations better reflect on their social responsibility charter? Are principles enough? Or should they revisit their commitment to offering services that uphold child rights? This is when as a community of researchers and practitioners, the following should be addressed:

  1. Revisiting socio-technical objectives. Is it money we care about when building digital services for children? Or is it offering appropriate services to our end-users?;

  2. Adopting principles of public interest technology and ensuring that services satisfy children’s needs in alignment to their rights;

  3. Co-designing with children to ensure what they value on top of what is already written in legal instruments;

  4. Embedding values by design ensuring that privacy and security are incorporated in design of new innovations;

  5. Consideration of soft law (corporate social responsibility) in support of hard law (in the form of international treaties) [86], [87]; and

  6. Adoption of standards that exist specific to children and technology.

SECTION X.

Building Digital Literacy: Developmental Model

It is vital that technical standards are seen as a means to address the problems surrounding the design of digital services for children. First is the acknowledgement that children’s services should be handled differently in terms of design to the rest of the population, but that good design for children, or any other vulnerable group, is likely to yield good design for users, and other stakeholders. Among the concerns at large are nudge factors that entice children and youth to enter into transactions (monetary and non-monetary) that they would not have otherwise engaged in, save for the instituted design feature present. In the same vein, are nudge features that might be built-in to digital services, in support of allowing children to be more autonomous in choices they make about their use, for example, of social media. Thus, seeing children as “co-design partners” in the design, development and evaluation of digital services is becoming increasingly important [88].

Secondly, online safety campaigns while now commonplace in schools across the world, have not gone far enough in terms of broader media literacy/ digital literacy that is required to minimize risks for children online [89]. In some countries, partnerships between stakeholders in the children’s digital online space are now forming to tackle the problems that would otherwise become entrenched later in life, by targeting early childhood with digital fluency strategies [90]. This leads to a development model approach to building digital skills from early childhood, into adolescents, and then into adulthood that allow for healthy habits. Individuals are empowered to become proactive decision-makers rather than passive and reactionary observers to online messaging, social media platforms, online games, digital subscriptions and more [93].

Thirdly, while labelling and rating systems around age-appropriate content have their usefulness, when parents/guardians and teachers are looking for appropriate resources for curricula or children’s entertainment, they require training and support with respect to what it is that their children are engaged in. This is increasingly difficult given time constraints with a digital and mobile workforce, and while it might seem obvious, nothing can replace the key discussions with children in the family setting on a day-to-day basis in talking through complex situations, whether hypothetical online scenarios or real circumstances. While toolkits and guidelines for parents and teachers and other stakeholders exist regarding appropriateness of digital adoption and use by children [e.g., [90]], more research is required to allow children to thrive and flourish. Importantly, this requires an all-stakeholder approach to addressing the issue of age appropriate digital services for children, with designers and developers of digital services seeking stakeholder consultation from the outset in order to identify childhood risks early.

SECTION XI.

Conclusion

In conclusion, the position of the author is to advocate for a balanced approach to the governance of digital products and service offerings for children. Organizations are encouraged to invest in human resources and important artefacts (e.g., child rights impact assessment and a risk-based age appropriate register) to assist in the design, development and delivery of their innovations. When selecting soft law programs, organizations should really think about the alignment of technical standards to their existing corporate social responsibility portfolio. There is further congruence between standards and policies that should not be in conflict. Yet standards alone, will not be a silver bullet solution, especially if the company merely pays lip-service to codesign and only speaks of principles without commensurate training, certification, and reflection on existing corporate practices. Soft law is surely not a replacement for laws and regulations, but it can help establish best practice without undermining legally binding instruments in a synergistic manner. We continue to advocate for a flexible approach knowing that all forms of law: hard and soft, are required to buffer new innovations into the market to become widely diffused. If CSR initiatives into practice can act as catalysts for this change, then digital services can be enjoyed by all and adjusted based on age appropriateness.

Soft law places pressure on technology developers to act in a socially responsible manner. Technology designers for children should be championing co-design practice, but so should other inclusive stakeholders. Possibly the corporate social responsibility message does not just have to do with employees of a company acting in alignment with other companies but continuing to conduct further outreach and consultation to stakeholders. The public interest technologist plays a vital role in this context. There is a need to hire graduates interested in societal challenges, not just technical domains, but also from psychology, sociology, anthropology, law, business, and the arts. “Naming and shaming” organizations can be just as powerful as regulation, but will this move an industry in the right direction? It will certainly take organizational champions to fly the sustainability flag, knowing that society must care for the needs of children. Design lessons learned from this demographic will almost certainly assist in the deployment of other digital products and services meant for other demographic populations.

Reference

1. R. Allen, The Penguin English Dictionary, 2nd ed. London, U.K. : Penguin Books, 2003, Art. no. 1366f.

‍ ‍

2. ( MacMillan Publ. Solut., London, U.K. ). Macquarie Dictionary: Australia’s National Dictionary, 5th ed., 2009.

‍ ‍

3. C. L. Barnhart, The World Book Dictionary: L-Z, vol. 2. Chicago, IL, USA : Field Enterp. Educ. Corp., 1971.

‍ ‍

4. Int. Organ. Standard., Geneva, Switzerland, ISO Standards. Accessed: Apr. 8, 2023. [Online]. Available: https://www.iso.org/standards.html

‍ ‍

5. D. Pountain, The Penguin Concise Dictionary of Computing. London, U.K. : Penguin Books, 2003.

‍ ‍

6. R. Abbas, H. Tootell, M. Freeman, and G. Ellmers, “Engaging young children as application design partners: A stakeholder-inclusive methodological approach,” IEEE Technol. Soc. Mag., vol. 37, no. 3, pp. 38–47, Sep. 2018, doi: 10.1109/MTS.2018.2857584.

‍ ‍

7. N. Chelvachandran and K. Michael, “Digital design with children in mind,” IEEE Technol. Soc. Mag., Vol. 41, no. 3, pp. 91–95, Sep. 2022, doi: 10.1109/MTS.2022.3201450.

‍ ‍

8. K. Michael and R. Abbas, “Caring for children online: Co-designing in the public interest,” presented at the IEEE Standards Association: Digital Inclusion, Identity, Trust, and Agency, Vienna, Austria, Accessed: Dec. 4, 2019. [Online]. Available: https://standards.ieee.org/events/diita/dec-2019.html

‍ ‍

9. N. Chelvachandran, M. Patterson, and K. Michael, “Designing online/offline experiences with children in mind,” in Proc. IEEE Int. Symp. Technol. Soc. (ISTAS), 2023, p. 1. [Online]. Available: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9629167

‍ ‍

10. ( United Nat. Human Rights, Off. High Comm., Geneva, Switzerland ). Convention on the Rights of the Child. ( 1989 ). Accessed: Apr. 10, 2023. [Online]. Available: https://www.ohchr.org/en/instruments-mechanisms/instruments/convention-rights-child

‍ ‍

11. K. Karachalios, B. Kidron, K. Michael, and A. Koene ( IEEE Stand. Assoc., Piscataway, NJ, USA ). How to Design a Digital World Where Children Can Thrive. Accessed: Feb. 8, 2021. [Online]. Available: https://engagestandards.ieee.org/Childrens-2089-webinar.html

‍ ‍

12. “Standardization,” in The New Encyclopaedia Britannica: Micropaedia, vol. 9. Chicago, IL, USA : Helen Hemingway Benton, 1974.

13. K. Michael, “Age appropriate design code: Digital services framework for children,” presented at the Meeting 2 for the Committee on the Assessment of Social Media on the Health and Wellbeing of Children and Adolescents; National Academy of Engineering, the National Academy of Medicine and the National Research Council. Accessed: Feb. 7, 2022. [Online]. Available: https://www.nationalacademies.org/event/02-06-2023/assessment-of-the-impact-of-social-media-on-the-health-and-wellbeing-of-adolescents-and-children-meeting-2

‍ ‍

14. N. Chelvachandran, M. Patterson, K. Michael, and J. Castanier, “Designing online/ offline experiences with children in mind,” in Proc. IEEE Int. Symp. Technol. Soc. (ISTAS), 2021. Waterloo, ON, Canada, 2021, p. 1.

‍ ‍

15. C. I. Gutierrez, G. E. Marchant, and K. Michael, “Effective and trustworthy implementation of AI soft law governance,” IEEE Trans. Technol. Soc., vol. 2, no. 4, pp. 168–170, Dec. 2021, doi: 10.1109/TTS.2021.3121959.

‍ ‍

16. C. I. Gutierrez, G. E. Marchant, and K. Michael, “Ideas on optimizing the future soft law governance of AI,” IEEE Technol. Soc. Mag., vol. 40, no. 4, pp. 10–13, Dec. 2021, doi: 10.1109/MTS.2021.3123746.

‍ ‍

17. ( United Nat. Human Rights, Off. High Comm., Geneva, Switzerland ). Universal Declaration of Human Rights. ( 1948 ). Accessed: Apr. 10, 2023. [Online]. Available: http://www.un.org/en/about-us/universal-declaration-of-human-rights

‍ ‍

18. ( UNICEF, New York, NY, USA ). An International Agreement for Child Rights. Accessed: Apr. 10, 2023. [Online]. Available: https://www.unicef.org.au/united-nations-convention-on-the-rights-of-the-child

‍ ‍

19. ( United Nat. Human Rights, Off. High Comm., Geneva, Switzerland ). General Comment No. 25(2021) on Children’s Rights in Relation to the Digital Environment. Accessed: Mar. 2, 2021. [Online]. Available: https://www.ohchr.org/en/documents/general-comments-and-recommendations/general-comment-no-25-2021-childrens-rights-relation

‍ ‍

20. C. Vallance, “Facebook and Instagram suspected to be ‘too addictive’.” BBC. Accessed: May 16, 2024. [Online]. Available: https://www.bbc.com/news/articles/cv2d2j8y38lo

‍ ‍

21. ( Bloomberg, New York, NY, USA ). Teen Suicides Force Meta, Snap to Tackle Rising Sextortion Problem: Bloomberg: Business Week. Accessed: Apr. 22, 2024. [Online]. Available: https://www.bloomberg.com/features/2024-sextortion-teen-suicides

‍ ‍

22. ( Eur. Comm., Brussels, Belgium ). The Digital Services Act (DSA) Explained—Measures to Protect Children and Young People Online. Accessed: Feb. 6, 2024. [Online]. Available: https://digital-strategy.ec.europa.eu/en/library/digital-services-act-dsa-explained-measures-protect-children-and-young-people-online

‍ ‍

23. ( Publ. Off. Eur. Union, Eur. Comm., Brussels, Belgium ). Directorate-General for Communications Networks, Content and Technology, The Digital Services Act (DSA) Explained—Measures to Protect Children and Young People Online. 2023. [Online]. Available: https://data.europa.eu/doi/10.2759/576008

‍ ‍

24. ( Eur. Parliam., Strasbourg, France ). EU Artificial Intelligence Act. Accessed: Aug. 1, 2024. [Online]. Available: https://artificialintelligenceact.com/title-ii/article-5/

‍ ‍

25. A. Guzman and T. Meyer, ( Berkeley Program Law Econ., UC Berkeley, Berkeley, CA, USA ). Explaining Soft Law. ( 2010 ). Accessed: Apr. 10, 2023. [Online]. Available: https://escholarship.org/uc/item/90w

‍ ‍

26. K. W. Abbott and D. Snidal, “Hard and soft law in international governance,” Int. Organ., vol. 54, no. 3, pp. 421–456, 2000. [Online]. Available: http://www.jstor.org/stable/2601340

‍ ‍

27. M. Cominetti and P. Seele, “Hard soft law or soft hard law? A content analysis of CSR guidelines typologized along hybrid legal status,” UmweltWirtschaftsForum, vol. 24, pp. 127–140, Dec. 2016. [Online]. Available: https://doi.org/10.1007/s00550-016-0425-4

‍ ‍

28. P. Cihon, M. J. Kleinaltenkamp, J. Schuett and S. D. Baum, “AI certification: Advancing ethical practice by reducing information asymmetries,” IEEE Trans. Technol. Soc., vol. 2, no. 4, pp. 200–209, Dec. 2021, doi: 10.1109/TTS.2021.3077595.

‍ ‍

29. R. Farthing, K. Michael, R. Abbas, and G. Smith-Nunes, “Age appropriate digital services for young people: Major reforms,” IEEE Consum. Electron. Mag., vol. 10, no. 4, pp. 40–48, Jul. 2021, doi: 10.1109/MCE.2021.3053772.

‍ ‍

30. IEEE standards.” Accessed: Jul. 1, 2023. [Online]. Available: https://standards.ieee.org/

‍ ‍

31. J. E. Matthews ( IEEE Stand. Assoc., Piscataway, NJ, USA ). IEEE’s Relationship With Other Standards Development Organizations (SDOs). ( 2019 ). Accessed: Apr. 10, 2023. [Online]. Available: https://standards.ieee.org/wp-content/uploads/import/documents/other/ieees-relationship-with-other-sdos.pdf

‍ ‍

32. ( IEEE Stand. Assoc., Piscataway, NJ, USA ). Submitting a Project Request. Accessed: Jul. 1, 2023. [Online]. Available: https://standards.ieee.org/develop/initiating-project/par/

‍ ‍

33. ( IEEE Stand. Assoc., Piscataway, NJ, USA ). Who Can Participate?. Accessed: Jul. 1, 2023. [Online]. Available: https://standards.ieee.org/develop/mobilizing-working-group/participate/

‍ ‍

34. ( IEEE Stand. Assoc., Piscataway, NJ, USA ). Drafting the Standard. Accessed: Jul. 1, 2023. [Online]. Available: https://standards.ieee.org/develop/drafting-standard/

‍ ‍

35. ( IEEE Stand. Assoc., Piscataway, NJ, USA ). The Balloting Process. Accessed: Jul. 1, 2023. [Online]. Available: https://standards.ieee.org/develop/balloting-standard/balloting/

‍ ‍

36. “Age appropriate digital services framework,” presented at CEN and CENELEC Workshop Agreement CWA 18016, Art. no. ICS 35.240.01; 97.190, Sep. 2023. [Online]. Available: https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/ICT/cwa18016_2023.pdf

‍ ‍

37. K. Michael, IEEE 2089–2021 Age Appropriate Digital Services for Children: An Overview: CEN-CENELEC Workshop on the Age Appropriate Digital Services Framework. May 20, 2022. [Online]. Available: https://www.youtube.com/watch?=VwKSH1J6bHw

‍ ‍

38. CEN, CEN-CENELEC workshop on age appropriate digital services framework.” Accessed: Mar. 6, 2023. [Online]. Available: https://www.cencenelec.eu/news-and-events/news/2023/workshop/2023-03-06-age-appropriate-digital-service-framework/

‍ ‍

39. S. I. Karlsson-Vinkhuyzen and A. Vihma, “Comparing the legitimacy and effectiveness of global hard and soft law: An analytical framework,” Regul. Gov., vol. 3, no. 4, pp. 400–420, Dec. 2009. [Online]. Available: https://doi.org/10.1111/j.1748-5991.2009.01062.x

‍ ‍

40. C. I. Gutierrez and G. Marchant, A Global Perspective of Soft Law Programs for the Governance of Artificial Intelligence, Center Law, Sci. Innov., Sandra Day O’Connor Coll. Law Arizona State Univ., Phoenix, AZ, USA, 2021.

‍ ‍

41. Aust. Gov., Aust. Inst. Family Stud., Southbank, VIC, Australia ). Child Family Community Australia: Online Safety. ( 2018 ). Accessed: Apr. 10, 2023. [Online]. Available: https://aifs.gov.au/cfca/publications/online-safety

‍ ‍

42. E. Ronchi and L. Robinson, “Child protection online,” in Educating 21st Century Children: Emotional Well-being in the Digital Age, T. Burns and F. Gottschalk, Eds., Paris, France : OECD, 2019, ch. 10. Accessed: Apr. 10, 2023. [Online]. Available: https://www.oecd-ilibrary.org/sites/796ac574-en/index.html?itemIdensuremath{=}/content/component/796ac574-en

‍ ‍

43. ( Eur. Union Agency Fundam. Rights, Vienna, Austria ). Child Rights Impact Assessment. [Online]. Available: Apr. 10, 2023. https://fra.europa.eu/en/content/child-rights-impact-assessment

‍ ‍

44. ( U.K. Counc. Child Internet Saf., Gov. U.K., London, U.K. ). Child Safety Online: A Practical Guide for Providers of Social Media and Interactive Services. 2016, Accessed: Apr. 10, 2023. [Online]. Available: https://www.gov.uk/government/publications/child-safety-online-a-practical-guide-for-providers-of-social-media-and-interactive-services/child-safety-online-a-practical-guide-for-providers-of-social-media-and-interactive-services

‍ ‍

45. ( UNICEF, New York, NY, USA ). MO-CRIA: Child Rights Impact Self-Assessment Tool for Mobile Operators. ( 2021 ), Accessed: Apr. 10, 2023. [Online]. Available: https://www.unicef.org/reports/mo-cria-child-rights-impact-self-assessment-tool-mobile-operators

‍ ‍

46. ( U.K. Counc. Child Internet Saf., Gov. U.K., London, U.K. ). Education for a Connected World: A Framework to Equip Children and Young People for Digital Life. Accessed: Apr. 10, 2023. [Online]. Available: https://www.gov.uk/government/publications/education-for-a-connected-world

‍ ‍

47. ( Aust. Gov., Canberra, ACT, Australia ). eSafety education: eSafetyCommissioner. Accessed: Apr. 10, 2023. [Online]. Available: https://www.esafety.gov.au/educators

‍ ‍

48. S. Crowne ( BECTA, Coventry, U.K. ). Safeguarding Children in a Digital World: Developing an LSCB e-Safety Strategy. ( 2008 ). Accessed: Apr. 10, 2023. [Online]. Available: https://dera.ioe.ac.uk/7372/2/A9R40BD_Redacted.pdf

‍ ‍

49. ( U.K. Counc. Child Internet Saf., Gov. U.K., London, U.K. ). Digital Resilience Framework. 2020. Accessed: Apr. 10, 2023. [Online]. Available: https://www.gov.uk/government/publications/digital-resilience-framework

‍ ‍

50. ( LGfL, London, U.K. ). Safeguarding: Keeping Children Safe With LGfL DigiSafe: The National Grid for Learning. 2020. Accessed: Apr. 10, 2023. [Online]. Available: https://national.lgfl.net/digisafe

‍ ‍

51. S. Mukherjee, K. Pothong, S. Livingstone ( 5Rights Found., London, U.K. ). Child Rights Impact Assessment: A Tool to Realise Child Rights in the Digital Environment. 2021. Accessed: Apr. 10, 2023. [Online]. Available: https://digitalfuturescommission.org.uk/wp-content/uploads/2021/03/CRIA-Report.pdf

‍ ‍

52. ( ENOC, Dubai, UAE ). Child Rights Impact Assessment. 2020. Accessed: Apr. 10, 2023. [Online]. Available: https://enoc.eu/what-we-do/annual-advocacy-areas/child-rights-impact-assessment/

‍ ‍

53. ( UNICEF, New York, NY, USA, Eur. Comm., Brussels, Belgium ). Child Rights Toolkit: Integrating Child Rights in Development Cooperation. 2014. Accessed: Apr. 10, 2023. [Online]. Available: https://www.unicef.org/bih/media/726/file/EU-UNIC%20Chi%20Righ%20Toolk%20.pdf

‍ ‍

54. T. Crepax, V. Muntés-Mulero, J. Martinez, and A. Ruiz, “Information technologies exposing children to privacy risks: Domains and children-specific technical controls,” Comput. Stand. Interfaces, vol. 82, Aug. 2022, Art. no. 103624. [Online]. Available: https://doi.org/10.1016/j.csi.2022.103624

‍ ‍

55. R. M. Henderson and K. B. Clark, “Architectural innovation: The reconfiguration of existing product technologies and the failure of established firms,” Administ. Sci. Quart., vol. 35, no. 1, pp. 9–30, Mar. 1990. [Online]. Available: https://doi.org/10.2307/2393549rightlinenumbers

‍ ‍

56. R. Abbas, K. Michael, M. G. Michael, C. Perakslis, and J. Pitt, “Machine learning, convergence digitalization, and the concentration of power: Enslavement by design using techno-biological behaviors,” IEEE Trans. Technol. Soc., vol. 3, no. 2, pp. 76–88, Jun. 2022, doi: 10.1109/TTS.2022.3179756.

‍ ‍

57. M. Patterson, K. Michael, J. Dawson, and T. Akuetteh, “Is it technically possible to make the digital world age appropriate?,” presented at the WSIS Forum 2022, ICTs for Wellbeing, Inclusion, and Resilience. Accessed: May 11, 2022. [Online]. Available: https://www.itu.int/net4/wsis/forum/2022/en

‍ ‍

58. K. O Sullivan, A. de Casanove, E. Øverby, and K. Michael, “Closing the digital divide: How standards can strengthen digital literacy and improve access to digital technologies,” IEEE standard 2089-2021. Accessed: Jun. 8, 2022. [Online]. Available: https://unece.org/sites/default/files/2022-06/Michael-Presentation-070622v1.pdf

‍ ‍

59. ( Assoc. Press, Hoboken, NJ, USA ). Fortnite Maker Epic Games to Pay US\$520M in Penalties and Refunds After Complaints Over Children’S Privacy. Accessed: Dec. 20, 2022. [Online]. Available: https://www.9news.com.au/technology/fortnite-maker-epic-games-to-pay-520m-to-settle-ftc-cases/e69c5454-4b2c-4d8f-b5b6-1dfb801b02ba

‍ ‍

60. A. Satariano, “Meta fined \$400 million for treatment of children’s data on Instagram.,” New York Times. Accessed: Sep. 5, 2022. [Online]. Available: https://www.nytimes.com/2022/09/05/business/meta-children-data-protection-europe.html

‍ ‍

61. ( Federal Trade Comm., Washington, DC, USA ). Google and YouTube Will Pay Record \$170 Million for Alleged Violations of Children’s Privacy Law. FTC, New York Attorney General Allege Youtube Channels Collected Kids’ Personal Information Without Parental Consent. Accessed: Sep. 4, 2019. [Online]. Available: https://www.ftc.gov/news-events/news/press-releases/2019/09/google-youtube-will-pay-record-170-million-alleged-violations-childrens-privacy-law

‍ ‍

62. ( Apple Inc., Cupertino, CA, USA, Federal Trade Comm., Washington, DC, USA ). Will Provide Full Consumer Refunds of At Least \$32.5 Million to Settle FTC Complaint It Charged for Kids’ In-App Purchases Without Parental Consent. Accessed: Jan. 15, 2014. https://www.ftc.gov/news-events/news/press-releases/2014/01/apple-inc-will-provide-full-consumer-refunds-least-325-million-settle-ftc-complaint-it-charged-kids

‍ ‍

63. D. Milmo. “Instagram owner Meta fined 405m over handling of teens’ data.” The Guardian. Accessed: Sep. 6, 2022. [Online]. Available: https://www.theguardian.com/technology/2022/sep/05/instagram-owner-meta-fined-405m-over-handling-of-teens-data

‍ ‍

64. S. Sharma and M. Hill. “The biggest data breach fines, penalties, and settlements so far: 6. Instagram.” Accessed: Apr. 26, 2024. [Online]. Available: https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html

‍ ‍

65. ( Federal Trade Comm., Washington, DC, USA ). FTC and DOJ Charge Amazon with Violating Children’s Privacy Law by Keeping Kids’ Alexa Voice Recordings Forever and Undermining Parents’ Deletion Requests: Proposed Order to Require Amazon to Pay \$25 Million and Delete Children’s Data, Geolocation Data, and Other Voice Recordings, Federal Trade Commission. Accessed: May 31, 2023. [Online]. Available: https://www.ftc.gov/news-events/news/press-releases/2023/05/ftc-doj-charge-amazon-violating-childrens-privacy-law-keeping-kids-alexa-voice-recordings-forever

‍ ‍

66. ( Dept. Justice, Off. Public Aff., Washington, DC, USA ). Microsoft Agrees to Pay \$20 Million Civil Penalty for Alleged Violations of Children’s Privacy Laws. Accessed: Jun. 12, 2023. [Online]. Available: https://www.justice.gov/opa/pr/microsoft-agrees-pay-20-million-civil-penalty-alleged-violations-children-s-privacy-laws

‍ ‍

67. Staff (Reuters, London. U.K.). U.K. Watchdog Fines TikTok \$16 mln for ‘Misusing Children’S Data’. Accessed: Apr. 4, 2023. [Online]. Available: https://www.reuters.com/technology/tiktok-fined-16-mln-by-uk-watchdog-misusing-childrens-data-2023-04-04/

‍ ‍

68. A. S. Levine, “TikTok hit with US\$370M fine over children’s privacy missteps,” Forbes. Accessed: Sep. 18, 2023. [Online]. Available: https://www.forbes.com.au/news/world-news/tiktok-hit-with-370m-fine-in-europe-over-childrens-privacy

‍ ‍

69. K. Michael, J. R. Schoenherr, and K. M. Vogel, “Failures in the loop: Human leadership in AI-based decision-making,” IEEE Trans. Technol. Soc., vol. 5, no. 1, pp. 2–13, Mar. 2024, doi: 10.1109/TTS.2024.3378587.

‍ ‍

70. J. Pitt, “Toxic technology,” IEEE Technol. Soc. Mag., vol. 42, no. 1, pp. 6–11, Mar. 2023, doi: 10.1109/MTS.2023.3240207.

‍ ‍

71. R. Abbas, J. Pitt, and K. Michael, “Socio-technical design for public interest technology,” IEEE Trans. Technol. Soc., vol. 2, no. 2, pp. 55–61, Jun. 2021, doi: 10.1109/TTS.2021.3086260.

‍ ‍

72. K. Michael, R. Abbas and J. Pitt, “Maintaining control over AI,” Issues Sci. Technol. vol. 37, no. 3, 2021. Accessed: Apr. 10, 2023. [Online]. Available: https://issues.org/debating-human-control-over-artificial-intelligence-forum-shneiderman/

‍ ‍

73. G. E. Marchant, “Addressing the pacing problem,” in The Growing Gap Between Emerging Technologies and Legal-Ethical Oversight. Dordrecht, The Netherlands : Springer, 2011, pp. 199–205.

‍ ‍

74. R. Abbas, S. Hamdoun, J. Abu-Ghazaleh, N. Chhetri, N. Chhetri, and K. Michael, “Co-designing the future with public interest technology,” IEEE Technol. Soc. Mag., vol. 40, no. 3, pp. 10–15, Sep. 2021, doi: 10.1109/MTS.2021.3101825.

‍ ‍

75. R. Abbas, K. Michael, J. Sargent, and E. Scornavacca, “Anticipating techno-economic fallout: purpose-driven socio-technical innovation,” IEEE Trans. Technol. Soc., vol. 2, no. 3, pp. 111–113, Sep. 2021, doi: 10.1109/TTS.2021.3098046.

‍ ‍

76. A. Zalewski, “Risk appetite in architectural decision-making,” in Proc. IEEE Int. Conf. Softw. Archit. Workshops (ICSAW), 2017, pp. 149–152, doi: 10.1109/ICSAW.2017.38.

‍ ‍

77. L. Munn, “The uselessness of AI ethics,” AI Ethics, vol. 3, pp. 869–877, Aug. 2023. [Online]. Available: https://doi.org/10.1007/s43681-022-00209-w

‍ ‍

78. B. Lundgren, “In defense of ethical guidelines,” AI Ethics, vol. 3, pp. 1013–1020, Aug. 2023. [Online]. Available: https://doi.org/10.1007/s43681-022-00244-7

‍ ‍

79. S. Ferrarello, Husserl’s Ethics and Practical Intentionality. London, U.K. : Bloomsbury, 2015.

‍ ‍

80. A. Mele and S. Sverdlik, “Intention, intentional action, and moral responsibility,” Philos. Stud., Int. J. Philos. Anal. Tradit., vol. 82, no. 3, pp. 265–287, Jun. 1996. [Online]. Available: http://www.jstor.org/stable/4320677

‍ ‍

81. P. Donati, “Globalization of markets, distant harms and the need for a relational ethics,” Rivista Internazionale di Scienze Sociali, vol. 125, no. 1, pp. 13–42, 2017. [Online]. Available: https://ideas.repec.org/a/vep/journl/y2017v125i1p13-42.html

‍ ‍

82. Standard for online age verification,” IEEE Standard P2089.1, 2024. [Online]. Available: https://standards.ieee.org/ieee/2089.1/10700/

‍ ‍

83. Standard for terms and conditions for children’s online engagement,” IEEE Standard P2089.2, 2024. [Online]. Available: https://standards.ieee.org/ieee/2089.2/11594/

‍ ‍

84. IEEE standard for an age appropriate digital services framework based on the 5rights principles for children,” IEEE Standard 2089-2021, Accessed: Nov. 30, 2021, doi: 10.1109/IEEESTD.2021.9627644.

‍ ‍

85. K. Michael, R. Abbas, and S. Papagiannidis, “The social implications of XR: Promises, perils, and potential,” IEEE Technol. Soc. Mag., vol. 43, no. 1, pp. 91–108, Mar. 2024, doi: 10.1109/MTS.2024.3370023.

‍ ‍

86. M. Gjølberg, “The political economy of corporate social responsibility,” Ph.D. dissertation, Dept. Polit. Sci., Univ. Oslo, Oslo, Norway, Nov. 2011.

‍ ‍

87. K. Michael and R. Abbas, Soft Law for Age-Appropriate Digital Design for Children: A Case Study on IEEE 2089–2021 (R10Talk#12: Building Trust Through IEEE SA Standards). Accessed: Oct. 12, 2023. [Online]. Available: https://www.youtube.com/watch?v=Uvntcwbj3qc

‍ ‍

88. Z. Agha, “To nudge or not to nudge: Co-designing and evaluating the effectiveness of adolescent online safety nudges,” in Proc. 22nd Ann. ACM Interact. Design Child. Conf., 2023, pp. 760–763. [Online]. Available: https://doi.org/10.1145/3585088.3593923

‍ ‍

89. S. Livingstone, K. Ólafsson, E. J. Helsper, F. Lupiáñez-Villanueva, G. A. Veltri, and F. Folkvord, “Maximizing opportunities and minimizing risks for children online: The role of digital skills in emerging strategies of parental mediation,” J. Commun., vol. 67, no. 1, pp. 82–105, Feb. 2017. [Online]. Available: https://doi.org/10.1111/jcom.12277

‍ ‍

90. K. Grodecki, A. Goulding, and N. Suraweera, “Building strong digital foundations: Digital fluency-focused partnerships among early childhood education service providers and public libraries in Aotearoa New Zealand,” J. Aust. Lib. Inf. Assoc., pp. 1–23, Aug. 2024. [Online]. Available: https://doi.org/10.1080/24750158.2024.2386643

‍ ‍

91. K. Young, “Children and technology: Guidelines for parents-rules for every age,” IEEE Technol. Soc. Mag., vol. 36, no. 1, pp. 27–29, Mar. 2017, doi: 10.1109/MTS.2017.2670223.

‍ ‍

92. M. Patterson, K. Michael, L. Barrington-Leach, and S. Wormer, Open Source and Age Appropriate Design for Children (IEEE SA Open: Serious Open Source Webinar Series). Accessed: Sep. 14, 2023. [Online]. Available: https://www.youtube.com/watch?v=HQY8zZnbFu4

‍ ‍

93. K. Michael (introduction by Moira Patterson), “Innovation and Age-Appropriate Digital Design for Children: A Case Study on IEEE 2089-2021,” presented at IEEE SA Standards Fellowship Program, Dec. 2023. [Online]. Available: https://standards.ieee.org/about/intl/standards-fellowship-program/

‍ ‍

94. K. Michael and R. Abbas, Corporate Social Responsibility and Soft Law Developments in the Design of Digital Services for Children, IEEE Standard 2089.2021 (Social Responsibility in the Computing Profession—ACM Special Interest Group on Computers and Society (SIGCAS)),” Sep. 14, 2022.

‍ ‍

95. K. Karachalios (Moderator), K. Michael, and T. Lomas, Participative Design for Technological and Human Flourishing Transformation (Happy Digital and Flourishing City Forum: Profound Systemic Transformations for Impacted Bureaucratic Reforms, hosted at the National Institute of Public Administration Republic of Indonesia, Central Jakarta). Accessed: Jan. 25, 2024. [Online]. Available: https://www.youtube.com/watch?v=S0PAZKUA2pE

‍ ‍

96. K. Michael and R. Abbas, “A standard for age-appropriate digital services design: From principles to practice,” presented at Ministry of Communications and Informatics (KomInfo); Government Regulation on The Governance of Child Protection in Electronic System Operations, Virtual (Jakarta), Indonesia, Accessed: Aug. 15, 2023.

Author

Katina Michael

School for the Future of Innovation in Society, Arizona State University, Tempe, AZ, USA

School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ, USA

ACKNOWLEDGMENT

The author would like to acknowledge all individuals involved in the development of the IEEE 2089–2021 Standard, specifically the Age Appropriate Digital Services Framework Working Group members, the IEEE Standards Association Standards Board, and the IEEE Consumer Technology Society. The author would like to extend gratitude to Professor Moshe Vardi of Rice University who encouraged her to complete a full write-up of this work during a joint presentation she delivered in September 2022 [94]. It is important to acknowledge that the standard has been embedded into emergent legislation in several countries already, including Indonesia [95], [96].

Citation: K. Michael, "Mitigating Risk and Ensuring Human Flourishing Using Design Standards: IEEE 2089–2021 an Age Appropriate Digital Services Framework for Children," in IEEE Transactions on Technology and Society, vol. 5, no. 4, pp. 342-354, Dec. 2024, doi: 10.1109/TTS.2024.3453396.

Previous
Previous

Locational Data and the Public Interest

Next
Next

Automating Higher Education Through Artificial Intelligence?