When the Children’s Online Privacy Act of 1998 (COPPA) went into effect Friday, the measure received mixed reviews.
While some advocates praised the legislation, online consumer protection advocate EmailAbuse.org blasted the new rules as “a misguided attempt.”
“This legislation is a logistical nightmare,” said Jennifer Widstrom, Director of EmailAbuse.org. “Companies will have to devote excessive, costly resources to comply with this legislation, while indirectly encouraging children to lie about their age. Many children are going to magically have their thirteenth birthdays today.”
Compliance with COPPA, which is affecting hundreds of Web sites, could reportedly force administrative expenditures of anywhere from $50,000 to $100,000 (US$) per site.
Under the law, which is now enforceable by the Federal Trade Commission (FTC), such sites must prominently disclose what personal information they collect from children, how it is used and whether it is shared with third parties. Most importantly, the law requires all sites to obtain “verifiable parental consent” before collecting any data from pre-teens.
The consent can be in the form of a signed note, an e-mail with a password, or a credit card number. For the next two years, sites that do not share information with third parties can comply simply by obtaining an e-mail message from a parent. A second e-mail, a letter or a telephone call from a parent is required as verification of the first message.
In addition to securing parental permission before collecting personal data from children, the law says that sites must allow parents to review the information collected.
Furthermore, Web sites must delete information at a parent’s request, and obtain parental permission before disclosing information about children to third parties. Though several huge companies like America Online have already deleted profiles of their members under age 13, analysts predict that the law could trigger the end for some cash-strapped dot-coms that cannot afford the systems necessary to achieve compliance.
While it is disturbing to think that COPPA could be instrumental in putting some e-tailers out of business, that problem pales in significance next to a larger issue. With all the rumbling over compliance with the new law, the Achilles’ heel of the e-commerce industry is once again exposed: Because Internet companies lack the discipline to self-regulate, the government must act.
I believe that the enactment of COPPA is just the first phase in government regulation of online privacy. If satisfactory policies are not built-in as e-commerce continues to mature, more and more consumers will perceive that their privacy rights are being violated. I predict that a steady push for ever more stringent regulations will result in skeins of government red tape along with mushrooming costs for e-tailers.
In fact, according to a recent report by Forrester Research, pressure from consumer advocates is likely to force lawmakers to pursue a privacy bill of rights within the next 12 to 18 months.
“To avoid regulation, companies must convince the FTC that substantial progress has been made toward the fair information principles by the time it next examines the issue,” the report says.
Not Going To Happen
However, Forrester contends that this scenario is not going to come to pass, because the principals involved share too little common ground.
“Asking this group to reach consensus is like expecting hospital, insurers and patients to agree on managed care,” the report says.
Another reason that adequate self-regulation will not happen, according to Forrester, is that profile-driven e-commerce is creating an inherent conflict of interest with privacy.
For example, the Internet Advertising Bureau estimates that 52 percent of all online advertising dollars have a pay-for-performance component, meaning that the most financially successful ad networks are the ones that make heavy use of consumer profiles.
If the conclusion of the Forrester report is correct, and the industry continues to remain fragmented in dealing with this critical issue, I believe that the shakeout caused by future privacy regulations will make today’s exodus of cash-poor dot-coms look like a picnic.