Cyberbullying, Data Protection, and Moral Panic

Moral panic is scarier than creepy children’s stories

I was invited last Tuesday to a radio interview along with Mark Smyth of the Psychological Society of Ireland and Ivan Yates on Newstalk to talk about “The Momo Challenge” and how to protect your children from cyberbullying. Happily, I think it was a positive and constructive discussion. I figured I’d elaborate on my points a little here.

What is the “Momo Challenge“? It’s basically a recent iteration of games children play to scare themselves. Mark Smyth mentioned reciting “Bloody Mary” several times in front of the mirror as similar thing that adults may be familiar with from their childhoods. The new twist is that it now involves WhatsApp or other social media communications. If you read RTE, The Mirror, The Sun, and other recent articles, there have been recent warnings from the Gardaí and claims that the “Momo Challenge” is linked to cyberbullying and teen suicides. Here, I had to raise alarms in the conversation, but not the perhaps expected alarms about online safety. These stories bear all the hallmarks of a Moral Panic. While media attention on this online game popped up last summer with attempts to link a teen suicide in Argentina to the game, there is no evidence I’ve seen of any actual link between “Momo” and harm.

Media discussion of stories relating to moral panics often turns to demands that “there should be a law to stop this”. Online harassment and abuse (also known as cyberbullying) are real harms that children and teens are subjected to. Of course we want to protect our children from harm, so we often see calls for new laws to stop cyberbullying. This is in itself dangerous, particularly as a reaction to a moral panic. Laws need to be carefully constructed to prevent abuse . . . not just in regulating actions that might cause harm, but to prevent the legislation being used abusively. We are always trying to balance rights, and when planning new things, whether it’s code, laws, or technologies, we need to keep in mind the possibility of abuse. Legislation in reaction to Moral Panic or public hysteria results in unnecessary, overly punitive, and easily abusable laws that infringe upon our fundamental rights. Trying to regulate specifically for things like the Momo Challenge would be like trying to ban dice because you heard that kids playing fantasy roleplaying games were being lured into Satanism. And practically speaking, how do you think you can ban a children’s game without going full-on “Big Brother” authoritarian dystopia?

When it comes to online bullying and abuse, it’s also important to remember that old laws don’t disappear with new technologies. We already have laws that relate to the harms we want to prevent. For example in Ireland, harassment is covered by the Non-Fatal Offences Against the Person Act, 1997. This includes “persistently following, watching, pestering, besetting or communicating with a person” (including by use of the telephone), and by one’s acts, “intentionally or recklessly, seriously interfering with the other’s peace and privacy” or causing “alarm, distress or harm” to a person. Additionally, the Communications Regulation (Amendment) Act 2007 includes provisions on indecent or menacing text messages. These actions likely cover most of the cyberbullying harms people want to regulate for. The issue is more enforcement than regulation. The most comprehensively drafted of laws isn’t much good without enforcement. We need effective enforcement of the laws we have, not more unenforced and unenforceable laws.

If we take a step back from the question of regulating the internet, though, this can be a good teaching moment. Parents are naturally very concerned about the safety of their children online. It’s a scary world out there, and there are real risks and harms. Children may be playing this game or similar games. Some may think it’s dumb and be unimpressed, others may be genuinely frightened. This may be a good reminder to listen to your children and open dialogue with them to address the concerns they have about navigating social media and the internet. Listen to your children. Make sure you talk with them to help them understand the issues they face.

And remember, we’re all learning about this ourselves. Adults need data literacy and information security education too. The mechanism of the “challenge” isn’t too far different from “phishing” scams targeted at adults. It’s the basic trigger that is used to hook admins into sending money to the CEO allegedly stranded on a desert island, or for people to send money to scammers who claim to have used your stolen password to upload porn to your hard drive. We all need to learn better data security practices!

This can be an opportunity for parents to proactively engage with their children on internet safety and privacy, and how to protect yourself online. But, it’s important not to let your perception of threat to override the real concerns children have. As Mark Smyth pointed out, the risks and harms for children when it comes to “cyberbullying” are much more likely to be social exclusion linked to in-person bullying.

That said, right now is a very good time for parents and children to help shape the conversation around their data rights and concerns. The Data Protection Commission is running a public consultation on the rights of children of data subjects and the processing of their data.  The deadline for input has been extended to 4 April, and The DPC really wants to hear from children about their experiences, expectations, and concerns. You can find more out at: https://www.dataprotection.ie/en/news-media/blogs/have-your-say-childrens-data-protection-rights-0

To sum up:

1.      The reactions to Moral Panics are often far more harmful than the thing people are afraid of.

2.      Children and adults alike can fall prey to phishing scam mechanisms. Learning to protect yourself online is important.

3. Listen to your kids. Take their concerns seriously, and use them as opportunities for relationship building and data literacy learning.

4.      If you can take the time, contribute to the Data Protection Commission’s public consultation on the rights of children as data subjects!