The Children’s Online Privacy Protection Act (COPPA) took effect on Friday, requiring online businesses to secure parental consent before collecting personal information from pre-teen Web surfers.
Though COPPA was passed in 1998, the law prescribed April 21, 2000 as the deadline for enforcement to allow Internet companies sufficient time to comply. The law makes it a federal offense for commercial Web sites to collect personal information from children under 13 without parental permission. The Federal Trade Commission (FTC) said that violators could face a $10,000 (US$) fine for each offense.
FTC Chairman Robert Pitofsky said, “The Act puts parents back in charge of their children’s personal information online.”
Parental Permission Required
The law says that in addition to securing parental permission before collecting personal data from children, the sites must allow parents to review information collected.
Further, Web sites must delete information at a parent’s request, and they must obtain parental permission before disclosing information about children to third parties.
The law prohibits Net companies from requiring more information than is reasonably necessary to allow children to participate in their Web site activities.
Some Web sites have been scrambling to come up with rules that will satisfy the new law, but still allow pre-teens — who often have a vote in how to spend family money — to use their services.
Others, such as America Online and eCrush — a site aimed at helping people hook up with the objects of their desire — are taking a hard line approach and deleting all accounts for users under 13 years old.
America Online is urging customers to sign their children up for parentally controlled accounts that do not give children full Internet access.
Hotmail and Yahoo! are allowing children to keep their accounts or start new ones, as long as a parent registers a credit card number and acknowledges the company’s terms of service.
Go.com is requiring credit card numbers from parents before children can participate in activities requiring external communication — including chat and e-mail — at any of the company’s sites, including Disney.com, ESPN.com, ABCNEWS.com and ABC.com.
Kids Speak Out
Even though it will limit their online independence, most of the 8 to 17 year-olds who responded to a 1999 survey of by SmartGirl.com — 95 percent of them, in fact — think that laws regarding online privacy are necessary.
According to SmartGirl.com, 64 percent of the 16,528 U.S. boys and girls who answered the survey believe that the Internet is a dangerous place for kids and young teens, and 58 percent said that parents should give the nod before children give out their street addresses and real names.
However, 94 percent of the survey respondents agreed with the statement, “I don’t want my parents snooping into my stuff,” and 68 percent said they do not want parents reading their e-mail without permission.
When asked whether their parents should monitor their Net surfing, 76 percent of the surveyed youths strongly agreed with the statement, “I don’t want my parents to keep track of the Web sites I visit.”
EmailAbuse.org, an online consumer protection site, blasted the new rules as “a misguided attempt.”
“This legislation is a logistical nightmare,” said Jennifer Widstrom, Director of EmailAbuse.org. “Companies will have to devote excessive, costly resources to comply with this legislation, while indirectly encouraging children to lie about their age. Many children are going to magically have their thirteenth birthdays today.”
For its part, the FTC plans to actively enforce the new law. “We’ll be surfing the Web sites to ensure that it is being enforced,” said Lee Peeler, associate director for advertising practices at the FTC. “We certainly intend to ensure that it is.”
The FTC says it will also rely on tips and complaints from the general public, companies and consumer groups.
Technology to the Rescue
The FTC published guidelines last fall on how to follow the law, and in anticipation of today’s deadline, a handful of Internet companies have developed services designed to help e-commerce companies achieve compliance.
ParentCheck.com, a new service from Sandiego.com Inc., provides a third-party process for obtaining parental permission. The system offers parents the opportunity to get special IDs for their children, which show they have permission to provide information requested at ParentCheck-enabled Web sites. Web sites can choose to require a parent’s e-mail address or a ParentCheck ID for anyone aged 13 and under to comply with the law.
Meanwhile, privaseek.com. says it will soon release a free software download called ChildPAK, which will enable Web sites to recognize children under 13 who are registered with the service.
The program allows parents to create profiles for their children and store them on the company’s servers. Web sites can communicate with the registered parents and gather information from children after permission has been granted.
Net Nanny Software International, Inc. has added a link in its “Resources” section to the FTC’s Kidzprivacy Web site, and The Center for Media Education launched its own site, kidsprivacy.org, to post information about the law.
Surprisingly, the widely-used online privacy assurance service TRUSTe does not appear prepared to counsel its clients on how to deal with the new rules.
In the site’s “Privacy Central” information section for Web publishers, the most recent information TRUSTe offers is a statement noting the passage of the original bill. The site adds, “It is anticipated that during 1999, the Federal Trade Commission will further define the implementation of this legislation.”