"Children's Online Privacy Protection Act (COPPA)

As technology grows, so does kids' interest in it.  This has many positive benefits in that it allows children to learn more, faster and it delivers worlds of information right to their doorstep every second.  However, there are drawbacks.  Chat rooms, cyber malls, and on-line web sites are not always the best places for our children to congregate.  In an effort to protect kids and inform parents, the COPPA (Children's Online Privacy Protection Act) was signed in 1998 and went into effect on April 21, 2000.  Read on to find out what this means for you as a web business owner and/or a parent.

This new legislation requires that whenever children under 13 years of age are asked to give personal information on the web (name, address, telephone, hobbies, etc.), their parents must be notified for consent purposes. Sounds good.  However, there are holes in this seemingly straightforward ruling.  Let's take a look.

• According to information on the Federal Trade Commission (FTC) web site, a web site operator is required to put a statement on their site regarding children's privacy.  It must be "clear and prominent" (not hidden in any obscure way or put in exceptionally small print.  It is recommended that there be a special link or colorful font to draw the visitor's attention). 
• The web site owner/operator must identify who they are and include all persons who have access to the site's information. 
• It must be clear what specific information is being requested.  Is it just basic name, address, phone or does it go into greater detail?
• If information is being collected from children, the operator must explain how it will be used.  Will children be targeted for product marketing?  Will their names be entered into contests?  Will they put on a mailing list?  Will continued communication be ongoing or sporadic?
• Operators must be clear about whether shared information is kept completely confidential or if it will be shared with third parties.  In the event of sharing child demographics, it must be told with whom?  For what reasons?
• Parents have a right to consent or deny any of the above for children under 13 years of age.  How is this done?  That too must be explained in the web site's child protection policy.  Again, it must be stated clearly.  Will parents be notified by e-mail, snail mail, phone?  What happens if the policy is via e-mail and the parents do not have access to this technology?  These are where the holes appear.

In the summary from the FTC, "reasonable efforts" will be made to obtain parental consent.  It states that parental consent must be given before data is collected from children.  However, there exists a "sliding scale" approach to parental consent until April 2002.  This means that consent will be more aggressively sought when there is more risk involved (for example, sharing collected information with a third party vs. developing an internal database).  In some cases, information from children is collected and parent's are notified afterwards.  This constitutes parental consent. 

I encourage you to find out more about this if your website is accessed by children or geared towards them.  Protect yourself and our children.  Also, consider putting an icon on your page letting visitors know that your site is "kid friendly" and have been rated in such a way. 

Check out these web sites:

• www.ftc.gov/bcp/conline/pubs/online/kidsprivacy.htm
• www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

Both of these give general information on the COPPA legislation.

Internet Content Rating Association (www.rsac.org) - this is a resource that will rate your site and give you an icon or html to include in the head section of your site.  This can be picked up by search engines and/or interested visitors.