Sharing of Children Online Information by Parents: The Legal and Parental Control in Malaysia

Social media content significantly contributed to the infringement of children’s online privacy. The images and information about children shared by parents (sharenting) become easy targets to be used for illicit purposes. The primary question centres around the principle that parents are legally responsible for their children. The UN Convention on the Rights of the Child (CRC) 1989 recognises the main responsibility of parents for the upbringing and development of a child including the best interest of the child. Parents ought to protect the privacy of their children by making informed decisions when sharing the information and images of their children online. The research aims to examine the extent of the legal and parental control over the sharing of children information online by parents. The research employs a qualitative method and applies a content analysis approach. The research concludes that there is insufficient legal and parental control to address the above issues and requires statutory amendments and collective efforts to reconcile the matter.


Introduction
In the world of Internet of Things (IoT), Big Data and Artificial Intelligence (AI), there is always a general concern about the potential intrusion of online privacy, particularly dealing with children. In Malaysia, Digi Telecommunications, CyberSAFE in Schools: A National Survey Report (2014) reported that children have actual worries about consuming the Internet related to the anonymity of netizens they are communicating with, and invasion of their privacy. Despite 40% of children in the survey were aware of the online danger, they still adopted low levels of online protection against their privacy and security.
Modern parents share photos and news of their children on Instagram and other online social networks on daily basis, which is also known as "sharenting" (Minkus et al., 2015;Holiday, 2020;Sarkadi, 2020). The shared information by parents on social media enabling the exploitation of information by offenders without the consent of guardians. In 2018, numerous parents were horrified to discover that their children's online pictures had been stolen and used on other social media profiles with a different storyline including images of "sweet snaps" of children in disturbing ways (Cambridge, 2018).
Data on children activities online such as gaming is tracked, collected, and exported to third parties by the network providers without notice to the children and the parents. These exploitations are categorised as pursuits of online profiling, online spying, behavioural targeting (Borgesius, 2015) and cyberstalking (Hamin, 2020). The Malaysian Communications and Multimedia Commission (MCMC) has received 652 complaints in 2015 and the number is increasing until 2020, mostly on the spread of indecent photos and videos of complainants across all age groups (Moh, 2016). As a result of the complaints, MCMC raided 11 locations in several states to control abuse of social media and most of the offences were the act of transmitting pornographic content including children images (MCMC, 2019).
The past empirical study strongly supported the notion that parents, and other adults can unintentionally threaten the privacy of children by overcommunicating on online social networks (Minkus et al., 2015). According to Minkus et al. well-meaning parents unintentionally compromise their child's privacy by exposing innocent updates on Facebook and Instagram. The role of parents and parenting practices are crucial in their children's online privacy (Minkus et al., 2015;Hamid, 2020). In light of the above discussions, the objective of the paper is to analyse the Malaysian legal provisions on the obligations of the parents under the laws to control the sharing of their children online communication.

Method
This paper engages a qualitative and doctrinal research method and applies a content analysis approach where the normative facets of the selected laws are examined. It comprises primary and secondary sources through the library-based research. Whilst the first encompasses of Malaysian legislation, policies and judicial decisions, the latter constitutes a significant proportion of online databases content including IEEE Xplore, LexisNexis and others.
This research adopts the theory of a child's right to an open future by Feinberg (1980). Feinberg highlighted that a child's future option must be kept open until a child is able to decide based on own preference. In this context, a parent is regarded as violating a child's right if sharing of information leads to a closing of an opportunity or an option. Dietrich (2020) argued that if a right to an open future constitutes a legal entitlement, the political and state interventions are welcomed to control parental authorities. Fig.1 shows the nexus of sharing of information by parents and the violation of a child's right leading to the regulating of parental dissenting. Within this backdrop, this paper examines the applicability of the Malaysian legal provisions to grant protection of the children's online privacy using the legal framework in Table 1 below. The implications of closing of a child's opportunities or options are argued as an intrusion of a child's privacy. Furthermore, the paper also highlights the possibility of the act of sharing information becoming harmful to the child's digital well-being and physical safety.

Children online privacy
Children's right to request for their personal data to be corrected or to be removed from the internet and the right to refrain to parents, media and the third party from sharing online information digital literacy skills on sharing of information The legitimation of the state interventions into parental discretions is explored under the existing laws, namely the Sexual Offences Against Children Act 2017, the Communications and Multimedia Act 1998, the Penal Code, the Child Act 2001 and the Personal Data Protection Act 2010. In addition to legal control, Fig.2 illustrates the discussions on the extent of parental and children control over shared information online.

Results and Discussion
This section discusses the sharing of information by parents and the exploitation of the information. The study establishes that there is an intrusion of privacy by parents when they share information and images of their children online. The ability of the parent(s) to make an informed decision on the type and extent of shared information, their digital skills to prevent exploitation for illicit purposes and the educational measures are also examined in this section. The focal discussion is on the legal protection against the intrusion of children online privacy and the legal liability of parents for sharing the information online. The paper also analyses the statutory position of the children themselves for their right to privacy, specifically to take control of the shared information online. The research implication is a guideline to assist the relevant authorities to enhance the current initiatives in controlling the sharing of information by parents.

Sharing of Online Information
Between 66%-98% of parents posted pictures of their children online starting from early pregnancy, the birth of a baby and day one of a child at school (Minkus et al., 2015). In 2018, 24.6 million Malaysian users had actively used five social networking platforms, they are Facebook (97.3%), Instagram (57.0%), Youtube (48.3%), Google+ (31.3%) and Twitter (23.8%) (MCMC, 2018). The MCMC reported that 61.8% of them shared content online with the following purposes  Table 3 above shows that sharing of information online is for well-intended reasons including for a good cause such as raising awareness about an issue. It can also be said that parents sharing information about their children without the intention or knowledge that the information or images of their children become easy targets to be used inappropriately and uploaded on pornographic websites (Hamid et al., 2019). A chat group with hundred members indecently discussing a screenshot about a prepubescent girl dressed in a swimming costume is an alarming fact that parents are unaware that they are contributing photos of their children online for illicit purposes (Moh, 2016). Photos shared on news and achievements of a daughter or a son using social media are common practices by parents. A birthday girl wearing princess clothes or a boy holding a gold medal are examples of pictures that received many likes within the family members and the parents' cycle of friends. The popularity of the parents may accelerate the process and the photos may go viral. A picture is worth a thousand words. Those with ability and mala fide intentions can profile a child by accessing an image. Basic information of a child daily routine including the location of the school and playground can be gathered by them. The shared children information raises concern on the children safety and the children may face collateral risk because of the online exposure. Table 4 above summarises the type of threat that affect the lives of the children in many aspects, sectors and dimensions.

The Malaysian Constitutional and Statutory Position of a Child Right to Privacy
Article 5(1) of the Federal Constitution states that "no person shall be deprived of his life or personal liberty save in accordance with law". The phrase "life or personal liberty" had been argued to include a right to privacy in numerous cases. The case of Sivarasa Rasiah made a breakthrough to extend the right to personal liberty to include the right to privacy to an adult (2010). In the same year also marked the first case to acknowledge the intrusion of privacy as an actionable tort under the case of Lee Ewe Poh involving a female adult patient complaining about a medical procedure of a surgeon taking and keeping photographs of the intimate part without her knowledge (2010). Preparing to make, produce or direct the making or production of child pornography as offences.
Prohibit the act of exchanging, publishing, and selling of the child pornography material(s).

Penal Code
Circulation of obscene materials, dealing with sale and distribution of obscene material The intrusion upon the privacy of a person by word or gesture including exhibiting any object.

The Personal Data Protection Act 2010
The exploitation of personal data in commercial transactions without the consent of an adult.
Yes, for commercial transaction No   Table 5 provides for a list of laws that controls circulations and manipulations of online content including the Child Act 2001 for abandonment of a child without supervision. However, none of the legislation clearly addresses the prohibition on sharing of personal information on social media by third parties or parents.
There is a legal control on sharing offensive information online by making it an offence to circulate indecent or offensive information. According to para 2.5 of the Malaysian Communications and Multimedia Content Code, online content for children must not include "references to sexual practices, language or materials that are offensive to the standards of decency prevailing among those likely to be exposed to them" (CMCF, 2004). However, sharing of non-offensive information is not prohibited under the laws. Since the information is shared on the public domain and freely accessible to all, it is not prohibited by law per se. In other words, it is not an invasion of privacy for collecting or sharing of nonoffensive information in the public domain. In the case of Sherrina Nur Elena, photographs were taken during beauty pageants and were published in the local newspapers years ago were later produced by the defendant on its products and billboard advertisements. The court rejected the argument of invasion of privacy since the photographs are in the public domain. Similarly, in the case of Ultra Dimension, the court rejected the claim of invasion of privacy by parents of kindergarten pupils against reporters that randomly photographed a group of kindergarten children at an open area outside their school and published the photos in local newspapers (2001). The taking of photographs at the public domain is not prohibited under the law. However, the court may consider a cause of action if a photograph of a child was highly offensive and illustrated a child in an embarrassing position. The law also does not grant the right for children to protect their privacy by requesting for amendment, correction, or removal of their personal information. The laws listed in table 6 do not expressly grant the children the right to give or refuse consent in sharing information in the public domain. The children also do not have the right to refrain to parents, media or third-party form sharing information online as illustrated in table 6. In conclusion, there is a limited legal protection against the intrusion of children online privacy and the legal liability of parents for sharing the information online. The protection is only against indecent and offensive content. There is also no statutory position granting children the right control information online.

Parental Control
Parents or legal guardians are primarily accountable for the upbringing and development of a child (Hamid et al., 2020), and mainly a concern for the best interest of the child as Parents or legal guardians are potential contributors to child information and picture made available online. There is yet a national survey on the precautionary action taken by parents before sharing information online. But a general national survey conducted in Malaysia found that internet users have taken precautionary actions before sharing online content including understanding the content (90.8%), ensuring content not obscene, menacing, offensive (85.8%), valid and accurate (79.4%), verified content from a reliable source (77.0%) and only 4.4% done none of the above (MCMC, 2018). It is safe to say that sharing of children's information and images is done by taking measures to ensure with validity, accuracy and content from a reliable source. It is also important to address whether parents are aware of the control they can set on the children's usage of the internet and shared information online. MCMC highlighted that 62.4% of Malaysian parents among Internet users were aware of parental control and 37.6% were not aware. Parents have taken action to ensure child online safety in the following initiatives: Discussed with child about online safety 71.1% 4 Checked child's social media account/ browser history 57.5% 5 Used parental control service in child's device 12.2% 6 None 7.4% Based on this report, out of 62.4% of parents who were aware of parental control, only 12.2% were using parental control service in the child's device. The usage is low considering that other measures cannot be performed 24/7 except for checking a child's account or browser history which may be wholly or partially erased by a child. Nonetheless, these measures and reports do not specifically address the potential intrusion of children's online privacy contributed by parents or legal guardians sharing information or images of their children.
Another initiative for parental control is parental consent in data collection of children. In the United States (US) and the United Kingdom (UK), legal measures have been introduced for the protection of children online privacy including the requirement for parental consent in data collection of children under the age of 13 years old in the US and the age of 16 years old in the UK (Nyst et al., 2018). However, this initiative does not address the concern that children's information and photos made available online by the legal guardians themselves.
Parents' lack of awareness and ignorance of technological measure is assumed to contribute to the issue at hand.

Digital Skills
Parental control on the sharing of information online must be complemented with the digital skills to determine the type and extent of information sharing online. Zakaria et.al suggested a rule-based privacy tool for the parents or legal guardians to decide on online content sharing (2011). Zakaria et.al categorised the level of privacy into the following settings: This tool proposed that a low privacy level allows everyone to access information related to a child's school of a child, activities or interest of a child and profile search ability of a child social media account. Disclosing the name of the school of a child is questionably safe for everyone to access. Sharing activities or interests of a child may also be doubtfully risk-free, particularly if the information of activities includes a specific location such as a music studio or a sports training centre. Also, parents should be informed that social media networks offer choices to a user to limit the privacy setting of an account and any postings with security settings on the sites. The relatives and friends who are permitted to access the images can still distribute them with other users. Parents have additional technological measures by coding and encrypting the images to restrict downloading and possessing of the picture (Moh, 2016). Modern parents may find the steps easy to execute but the older generations may have technical difficulties to apply the security measure.

Educational Measures
In Malaysia, the regulatory authority, the MCMC has jointly organised awareness programs for the parents continuously. The non-governmental organisations and the telecommunications companies are also assisting the MCMC in the campaign for the parents to reach out to the children (Chow, 2018). One of the initiatives was a town hall meeting and UNICEF also launched the 'State of the World's Children (SOWC) 2017: Children in a Digital World' report which educates parents to understand safe Internet practices and how to protect their children online (Chow, 2018). In the same event, a digital safety advocate highlighted that parents must be empowered to learn online dangers and must be able to handle a situation if the child became a victim of online abuse (Chow, 2018). Cyber awareness also demanded that parents need to control themselves from cyber addiction using handphones. Furthermore, the MCMC plays the role of providing technical assistance to the police force, if required. The police have formed a special child cyber sexual investigation unit to trace those involved. The government agency also has taken initiatives to carry out the national council for children and welfare team for children at the district level. A child registry has been created to cover a list of offenders linked to crimes involving children.

Conclusion
The technologies of IR4.0 need to be utilised wisely by the parents or guardians to shape the online future of their children. Parents may unintentionally jeopardise their children's privacy and safety. Ignorant of the third-party abilities that are supported with the advancement of technical tools and applications is not an excuse to ensure the safety, security, integrity, and privacy of the children online and offline The current laws only address offensive information shared by a third party or media. There is a lacuna in law to control and limit the act of sharing of children's information by parents. The existing parental control also has not been effectively exercised by parents. First, there is ignorance of making an informed decision on what to share online about their children. Second, parents have a lack of digital skills to set a limit to the privacy setting of an account and any postings with security settings on the sites. Parents are not equipped with additional technological measures by coding and encrypting the images to restrict downloading and possessing of the picture. Third, parents lack digital safety knowledge and expertise in handling a situation if the child became a victim of online abuse. The existing measures do not include children's own right to control the information shared online. The parents are given the right to create a social media account of their children without consent from their children. Similarly, children are also not authorised to sign a consent letter for the sharing of information. Majority of the social media network provides for age restrictions to create an account. This restraint to some extent grants safety technological measures preventing children below a certain age to form an account. However, if an account is established by a father or a mother, the child has no say on the matter. Certain laws recognised children of 16 years to have the right as an employee under the Children and Young Persons (Employment) Act 1966 and to be charged for criminal offence under the Penal Code. Accordingly, 16 years as the age of consent to be legally competent to consent or refuse consent online should be set under the law as the age of being capable to control online privacy in Malaysia. The paper concludes that the features of Feinberg's theory are essential in nurturing a child's right to online privacy. Sharing of information by parents requires certain limitations if the action resulted in closing of an opportunity or an option. There is a necessity to address this implication if it is harmful to the child. Restraints in a form of legal and parental controls is proposed with the support of other initiatives including technological and educational mechanisms.