The debate over online child information privacy and surfing habits is
likely to generate a little heat over the next few weeks as the Federal
Trade Commission decides whether to extend parental notice requirements for
Web site operators.
It’s an issue that has both sides up in arms: Web-operated businesses
catering to children under 13 say there is no privacy problem, while
research conducted by child advocacy groups show compliance is spotty at
best, even with FTC enforcement.
Until Nov. 30, the FTC will seek comment from parents and businesses about
whether the extension of email notification by Web site operators to
parents, originally scheduled to go away April 21, 2002, should continue to
be enforced to 2004 or beyond.
Several years ago, there was growing concern from advocacy groups and
parents alike that personal information, important to marketers for
demographic targeting, was
readily available from children under 13.
In many cases, marketing campaigns were launched that give away free gifts
to children who filled out a small questionnaire. Questions ranged from
items they spent their allowance on to what their parents talked about at
the dinner table.
Congress enacted the Children’s Online Privacy Protection Act (COPPA),
which gave the FTC a tool to force Web site operators to abide by a
“sliding rule” for collecting information from children under 13 (like
spending habits and what sites they visited frequently).
For example, a child’s personal information used for internal use required
only an email reply from the parent. But if the information was going to
be sold to an interested third party, parental approval had to meet much
more strict guidelines before a child’s private information could be
garnered, such as electronic certificates or similar technologies.
Child-centric sites are also required to prominently post their information
collection practices on the Web site, a practice approximately half failed
to do, according to the FTC. The penalty for each COPPA violation runs
$11,000.
The FTC expected to end the enforcement period by April, 2002, anticipating
readily-available and inexpensive technology which would provide a secure
and verifiable notice of parent consent. But the technology has been slow
to develop, forcing the regulatory body to reassess their thinking and
extend the deadline, maybe indefinitely.
Web operators don’t know what all the fuss is about, according several
reports. Many say they already
follow exacting demands for ensuring a person’s private information
through membership with trusted online certificate companies like BBB
Online, TRUSTe and CPA Webtrust.
In fact, many businesses see FTC enforcement as a veiled
means of keeping an eye on the business practices employed by U.S.
companies, a virtual “Big Brother.”
But according to a recent report by the Annenberg Public Policy Center at
the University of Pennsylvania, almost half of the 107 children’s sites it
visited skirted FTC regulations by not prominently displaying their privacy
or information collection policies.
The report gives online children’s sites a mixed report card: while most
of the sites (96 percent) featured information on the types of information
they collected, far fewer explained to parents in language they could
understand the rights they had to limit the collection of that information.
Joseph Turow, the author of the study, said the results show a seeming lack
of concern by many businesses to follow FTC guidelines.
“The complexity of the statements raises the question of whether companies
expect or even want parents to read their policies,” Turow said. “If most
sites were serious about helping parents make informed decisions about
their rights, they would create notices that are easier to read and
understand, and they would highlight the information mandated by the FTC.”
Some companies are looking to outside agencies to dictate their policy
regarding children, as in the case of Internet service provider (ISP)
EarthLink, Inc., the third-largest in the nation.
The premium service, available to all its subscribers, comes from
SurfMonkey, a company that allows children to surf the Internet via a
special Web browser similar to Internet Explorer and Netscape. The browser
is configurable to allow parent’s to control what sites the child visits
and what information can be collected.
Cynthia Money, SurfMonkey senior vice president of business development,
said company is very supportive of COPPA requirements and takes every
action to remain in compliance.
“Of the 15,000 Web sites that are pre-approved by our editors, all are
COPPA compliant,” she said. “If the FTC calls us and says that one of the
sites is non-compliant, even if we get a complaint from a parent, we take
that site off of our list.”
