Demonstrating that it means business when it comes to online privacy for
kids, the FTC marked the second anniversary of the Children’s Online Privacy
Protection Act (COPPA) by cracking down on the Etch-A-Sketch Web site and
sending warning letters to 50 other sites.
The Bryan, Ohio-based Ohio Art Co. , manufacturer of the
Etch-A-Sketch drawing toy, will sign a consent decree and pay $35,000 to
settle Federal Trade Commission charges that it
violated COPPA by collecting personal information from children on its etch-a-sketch site without first
obtaining parental consent, the FTC said.
A spokesman for Ohio Art Co. told InternetNews.com that the firm has agreed to
settle, but “has not made an admission of liability.” At no time has Ohio Art
disclosed any collected information to third parties, the company said.
Among other things, the law requires that Web sites obtain verifiable consent
from a parent or guardian before collecting personal information from
children. It also prohibits sites from making a child’s participation in an
activity conditional on the child’s disclosing more personal information than
is reasonably necessary to participate in such an activity.
The FTC alleged that Ohio Art collected personal information from children
registering for “Etchy’s Birthday Club.” The site collected the names,
mailing addresses, e-mail addresses, age, and date of birth from children who
wanted to qualify to win an Etch-A-Sketch toy on their birthday.
The FTC contended that the company merely directed children to “get your
parent or guardian’s permission first,” and then collected the information
without first obtaining parental consent as required by the law.
“Enforcing promises to protect the personal information of our youngest
consumers is an important part of our privacy program,” said J. Howard
Beales, III, director of the FTC’s Bureau of Consumer Protection. “With the
publication of the COPPA privacy
policy compliance guide, Web sites that cater to kids have a new plain
language guide to how to get it right.”
There was some good news on the children’s privacy front, however. The FTC
also announced the results of an April 2001 COPPA compliance survey reviewing
information collection practices at 144 children’s Web sites.
The 2001 survey follows up on an earlier 1998 survey and indicates that
progress has been made. For example, the vast majority – nearly 90 percent –
of the sites that collected personal information from children had privacy
policies, as opposed to only 24 percent in 1998.
Still, the agency thought it wise to send letters to more than 50 children’s
Web site operators, identified through its survey, warning them that they
must improve their privacy policies in order to make them COPPA compliant.
The FTC also extended its “sliding scale mechanism” for obtaining parental
consent, for three years until April 21, 2005.
Under the sliding scale, a Web site collecting personal information solely
for its internal use, and not disclosing the information to the public or
third parties, may obtain parental consent through the use of an e-mail
message from the parent, coupled with additional steps to provide assurance
that it is the parent providing the consent. If the Web site is going to
disclose the personal information to the public or third parties, the Rule
requires that the Web site use more reliable methods.