While adults have little law in the United States to protect their privacy online, since 2000, children have the Children's Online Privacy Protection Act (COPPA). It's one of the few laws in the U.S. to protect privacy rights and it applies to children under the age of 13.
If you're a parent, you need to better understand how you can protect your kids online. If you're a business with a website, you need to comply or face large fines.
Moreover, if you think that your business can just wink at COPPA, think again. This year, the Federal Trade Commission (FTC) fined UMB Recordings, which operates several hundred music-related websites, $400,000. In 2003, Mrs. Fields Cookies paid civil penalties of $100,000 and Hershey Foods $85,000.
The first step in compliance is to determine if you direct your website at kids. According to the FTC, it will look to the "[s]ubject matter, visual or audio content, the age of the models on the site, language, whether advertising on the website is directed to children, information regarding the age of the actual or intended audience, and whether a site uses animated characters or other child-oriented features."
Parents should understand that COPPA protects information that makes your children individually identifiable including their full name, home address, email address, telephone number and any other information that would allow your child's identity to be compromised.
Compliance with COPPA starts with posting a Privacy Policy on your website. This is a document you're going to need a tech lawyer to write for you. It will include disclosure of things like the types of personal information you collect like name and address and how you will use the information. For example, you might say that you will never release the information to anyone. Alternatively, your privacy policy might say that you may provide private information to "carefully chosen partners."
I must say that whether it's a website geared to adults or children, I chuckle every time I see some phrase like "carefully chosen partners." You should know that a "carefully chosen partner" is a euphemism for any company that pays the asking price for your kid's private information with a check that clears the bank.
The hardest part in your compliance efforts will be getting parental consent for collecting private information. After all, using the Internet, it's really impossible to know if it's a parent giving you the consent or a child pretending to be a parent.
The standard for verifying that a parent is really a parent is lower if you're only going to use the private information internally. If that's the case, you can get away with an email from a parent although you really don't know that the email is from a parent and not from the kid. The law lets you wink at that reality.
However, if you intend to share a child's private information, you're going to need more meaningful parental consent like a faxed signature. This can be a tough requirement because the spontaneity of the Internet doesn't work well with some ten-year old getting mommy to fax a privacy consent to you. As a practical matter, COPPA may just preclude you from selling children's private information, which was probably Congress's point anyway.
|