New Law Protects Kids Online, but It’s No Substitute for Parenting
A federal law that went into effect last week can help protect your children’s privacy, but law or no law, parents still have to watch what their kids do and say on the Internet.
The Children’s Online Privacy Protection Act (COPPA) mandates that commercial Web sites aimed at children younger than 13 obtain verifiable parental consent “before collecting, using or disclosing personal information from a child.”
It also requires the sites to disclose to parents, on request, the general type of information they collect from children and the specific information they have collected on that parent’s child. The site, for example, must tell parents if it intends to use the personal information to send a prize if a child wins a contest, or if it plans to use it to market products to the child. The act also requires sites to notify parents before they let kids into chat rooms.
COPPA will be enforced by the Federal Trade Commission, which has information about the law on its Web site, https://www.ftc.gov/privacy.
One of the most controversial aspects of the law is how a site obtains parental consent.
During the comment period on the law, a number of sites aimed at children asked the FTC to adopt procedures that aren’t unnecessarily slow or cumbersome. The result was a multitiered approach that bases how a site must get parental consent on how it intends to use the information.
If the site plans to use the information solely for internal purposes (in other words, not disclose it to other companies), the parental permission can come in the form of e-mail from the parent. But if the information is to be disclosed to third parties or publicly posted, the parent must mail or fax a signed form or grant permission over the phone to someone who is presumably trained to tell the difference between an adult and a child’s voice.
*
Alternatively, the parent can submit a credit card for verification on the theory that only adults have access to credit card numbers. Disney Online, according to a spokesperson, plans to require parents to verify their identity with a credit card because its site allows kids to post messages on a public bulletin board, which is a form of public disclosure.
Eventually, the FTC plans to use other means of verification, such as digital signatures, as they become available. The FTC plans to revisit the verification issue in October 2001.
The law also requires that the sites post a notice of their information practices, also known as a privacy policy, on its home page and “at every area where it collects information from children.” Unlike typical privacy policy notifications, the links must be “clear and prominent” and “clearly written and understandable,” according to FTC guidelines. What a concept.
The notice should include the kind of personal information collected from children (such as e-mail address, name, phone number, street address or hobbies) and how it is to be used. The site operator also must indicate whether that information will be sold, bartered or otherwise disclosed to third parties.
COPPA was enacted after a 1998 FTC report that found that 85% of the sites studied collected personal information from consumers, but only 14% offered any notice about how the information is used and only 2% included a comprehensive privacy policy. Of the sites in the study aimed at children, 89% collected personal information directly from children, but only 54% disclosed their information practices and fewer than 10% provided for some form of parental control over the collection of information.
COPPA is a good start because it puts commercial Web sites on notice that they have both social and legal responsibilities for information they collect from children. It also reminds parents of their responsibility to pay attention to what their kids are doing online.
Perhaps the parental-consent requirement will get parents thinking about what their children do online and, hopefully, open a dialogue between parents and kids. The simple act of asking a child why he or she wants to register for a site, enter a contest or download information could be a springboard for an enlightening conversation.
Yet even with this law in place, it would be reckless for parents to think that all is well just because the government is protecting their children’s privacy.
To begin with, COPPA has a number of major limitations. First, it affects only sites designed primarily for children. Sites aimed at the general population and noncommercial sites aimed at children are not covered.
Second, it will be extremely difficult to enforce on sites outside the United States and, as with most laws, there will be some who simply won’t comply. A pedophile, for example, could use a child-friendly site to collect personal information that he or she might later use to try to contact the child. Inevitably, some kids will find ways to bypass the hurdle of getting parental permission by forging e-mail or entering a parent’s credit card number into a verification screen.
Finally, the act only applies to children 12 and younger. Teenagers also are vulnerable to exploitation and dangers online and offline and, because of their purchasing power, plenty of companies are eager to get information about them.
*
What’s more, teens have lots of ways to get into trouble online, including revealing personal information in chat rooms or agreeing to get together with a seemingly simpatico e-mate.
The fact that COPPA was passed by the Senate and House doesn’t relieve you of your responsibility to reinforce Internet safety rules in your house. Remind your children to never give out any personal information--including their name, e-mail address, phone number or school--to anyone they meet online, regardless of how nice that person may seem.
Remind them that when they’re in a chat room, they’re out in public and among strangers. Ask them to talk with you if they come across anything that makes them feel uncomfortable or if they want to enter a contest or register for a site.
If they do come to you with a problem, don’t overreact, and if they request permission to do something fun online, be reasonable, so they know you’re willing to let them do things that you’ve determined to be fun and safe.
And just because COPPA doesn’t apply to teenagers doesn’t mean you can’t establish your own rules.
The FTC may not have jurisdiction over the online activities of the two teenagers in my house, but my wife and I do.
Technology reports by Lawrence J. Magid can be heard between 2 and 3 p.m. weekdays on the KNX-AM (1070) Technology Hour. He can be reached by e-mail at larry.magid@latimes.com. His Web site is at https://www.larrysworld.com.