This week is Data Privacy Week: a time to take a hard look at how your personal information gets collected, studied, and quietly shared with third parties. We're shining a light on problems most people assume are handled behind the scenes but can cause real harm to families and organizations. At the top of that list? Kids' privacy online. Recent headlines about Google paying millions to settle allegations over tracking children's data show exactly how high the stakes are, and why this needs to be more than a once-a-year conversation.
When "kid-safe" isn't actually safe
Few things hit harder than finding out that apps stamped “for families” were quietly tracking kids the whole time. In Google’s “Designed for Families” program, some of those apps still ran code from AdMob, a Google-owned data broker that sits behind the scenes, scooping up information and feeding it into the ad machine. Data brokers like AdMob specialize in collecting, combining, and selling or sharing data about people — pulling in IP addresses, device IDs, app usage, and even precise location — from a huge number of apps and services so companies can target users with hyper-specific advertisements. In this case, that meant AdMob’s software harvested children’s identifiers and location data down to a few meters and funneled it into targeted advertising systems, all without parents ever giving meaningful consent.
This wasn’t a glitch or a one-off mistake: it was the predictable outcome of design choices that put ad revenue ahead of privacy. Unfortunately, this wasn’t just apps. Google-owned YouTube was also called out for tracking kids on child-focused channels and using that data for behavioral ads between 2013 and 2020, even after it had already been hit with a massive COPPA fine in 2019, underscoring how deeply embedded this tracking mindset is in the online ecosystem.
How do data brokers get their data?
A large amount of the information used by data brokers like AdMob is harvested from your smartphone via secret snippets of code that are baked right into your apps. This form of clandestine tracking comes from Software Development Kits (SDKs). These hidden SDKs are bundles of code that developers plug in to an app to add features like analytics, ads, or location services. Sometimes, these are features that the user has opted into.
However, there is a global industry of hidden tracking SDKs that are built specifically to collect data — such as your location, device identifiers, and usage patterns — and send it back to third parties for profiling, advertising, or reselling. These SDKs are often only identified by analyzing an app’s source code, which is no simple task. That makes the privacy invasion invisible to users and, because many apps often incorporate the same SDKs, they can gather information via hundreds or even thousands of different apps that are downloaded by millions of people and correlate the information.
Even experts have to work hard to untangle what these SDKs are doing. The Director of our Cybersecurity program, Sean O’Brien has led detailed investigations into location‑tracking SDKs in smartphone apps. In his time leading ExpressVPN’s Digital Security Lab, he mapped out location tracking by hundreds of popular apps that were downloaded by millions.
If it takes dedicated research to understand how your privacy is being violated, that means these are big problems that won’t be solved overnight. However, that doesn’t mean you and your family are powerless.
What Parents Can Actually Do
Unplugging entirely isn't realistic when your family’s schoolwork, entertainment, and social lives all occur on screens. But you can dial down the risk in some simple, concrete ways.
- Turn off ad personalization on devices kids use so they’re harder to profile.
- Audit app permissions and privacy settings regularly and strip out anything that isn’t truly necessary. Get to know your smartphone’s privacy menus!
- Check for running apps on your child’s phone, and close or disable anything you don’t recognize or that doesn’t need to be active right now. Games are often a privacy issue.
- Stop apps from running in the background to stop them from constantly accessing data, location, or the network. Weather and news apps are often the worst.
- Uninstall apps you don’t need. Every extra app is another potential tracker, and most apps have many snippets of tracking code. Lean toward “if it’s been a month, it goes.”
These tips are just the start of a process of becoming more private and secure, and there are no simple solutions. If someone is promising a “magic bullet” to the world’s privacy problems, they’re just trying to sell you something.
This Is a Technology Problem, Not a Parenting Problem
The privacy of children on the internet is often framed as something parents should manage through settings, supervision, or screen time limits. In reality, the real power sits with the companies building these systems and the professionals designing them. Recent updates to Federal regulations like COPPA make that clear, with stricter opt-in requirements for targeted advertising to children, broader definitions of personal information that now include biometrics and government issued identifiers, and limits on how long children’s data can be stored.
Cybersecurity and privacy professionals are the ones who can verify whether claims like “we don’t track kids” are actually true in code and configuration.
How Bay Path Prepares You to Be Part of the Solution
At Bay Path University, cybersecurity is not taught as a narrow technical exercise or a checklist task. It is taught as a responsibility to protect people, especially those who have no say in how their data is collected, such as children. Our MS in Cybersecurity program prepares students to tackle complex challenges across technical, organizational, and strategic domains, blending hands-on skills with investigative thinking and ethical decision-making.
Through coursework in digital forensics, intrusion detection, incident response, data analytics, and crisis management, students learn how real systems fail and how to design them better. Cases like the Google and YouTube settlements are studied as warnings, not footnotes.
Data Privacy Week is a reminder that collecting private data about children is a line not to cross, and it is cybersecurity professionals who decide whether systems respect it. If you want to be one of them, applying for the MS in Cybersecurity at Bay Path University is the perfect step to start that journey.
