Web Sites Coping With COPPA

Recently, several parents were vexed by e-mails their children received explaining they would no longer be able to access many popular Web sites without having their parents go through a verification process that included submitting a credit card number.

The e-mails were sent as part of Web sites’ efforts to comply with the Children’s Online Privacy and Protection Act (COPPA), which was signed into law in 1998, and goes into effect Friday. Now, commercial Web sites and online services that collect personal information from children under the age of 13 without the consent of their parents are breaking federal law and face fines of $11,000 per violation.

To comply with the law has not been child’s play. For instance, Yahoo! Inc. has added Family Account registration, which is specifically designed to prevent underage children from accessing personalized services without parental consent. When a user is identified as being under the age of 13 (detected by the date of birth entered during the registration process), a parent or supervising adult must now create a family account, which only can be accomplished by providing a valid credit card number with expiration date. Once credit card data is entered, the youth may establish and/or maintain a Yahoo! account as well as gain access to the site’s personalized services.

According to Yahoo! Privacy Policy Manager Anne Toth, the credit card entry is a means of verifying that the individual registering the minor is over the age of 18.

“Fundamentally, with the family account registration, the parent now has the control, for example, to see what types of emails their children are receiving and modify their children’s accounts,” she adds. “Additionally, we have established barriers, including blocking children from creating a club or joining certain clubs. The changes we have implemented, which were put into place last May, allow parents to become more involved in their kids’ Web-surfing activities.”

At [email protected], user information is being segmented so the site can determine which users are under the age of 13 and delete their personally identifiable information.

“Also, we now do not allow that segment entry to products that require personally identifiable information, such as email and chat rooms,” said Leigh Dally, Excite’s senior public relations manager.

“However, minors can still use other parts of the Excite service such as the personalized start page and Excite planner. We are considering implementing parental consent mechanisms for children under 13.”

COPPA was created to put parents back in charge of their children’s personal information online, said Robert Pitofsky, chairman of the Federal Trade Commission, in a statement.

“The Act gives parents the tools to control who collects personal information from their kids, how that information is used and whether it is shared with third parties. The rule implements one of the Commission’s top goals – protecting children’s privacy online.”

Key provisions of COPPA are that sites must:

  • Provide parents notice of their information practices
  • Give parents a choice as to whether their child’s information will be disclosed to a third party
  • Provide parents access to their child’s personal information and allow them to review it and/or have it deleted
  • Not require a child provide more information than is reasonably necessary to participate in an activity
  • Give parents the opportunity to prevent further use or collection of information
  • Maintain the confidentiality, security and integrity of information collected from children

America Online Inc. (AOL)
reported that it deleted the profiles of anyone who listed their age as
under 13

in their online identities. San Francisco-based eCRUSH.com Inc., a Web site that matches
teens with mutual crushes, simply opted to close down the accounts of
members under 13 rather than attempt to obtain parental consent.

Other online entities are spending big bucks to comply with the federal
law. FreeZone, a portal site for
kids between 8 and 14, estimates it will spend about $100,000 to comply
with the new law. The company already requires parental consent, but now it
must beef up its privacy area and install clearer, larger links to it.

Alloy Online Inc. produces Alloy.com,
a site catering to teens. The firm said it would spend about $200,000 to
comply with COPPA. Other online entertainment sites, like Walt Disney Co.
(DIS)
Disney.com must completely revamp
their information collection policies could end up spending as much as
$500,000 to comply with the law.

As a result of COPPA, Disney’s GO.com
requires that parents provide credit card authorization in order for their
children to participate in any activities that involve external
communications, such as message board posting, open chats, and holding an
e-mail account. The requirement will be practiced across the GO.com (GO)
family of Web sites, including ESPN.com,
ABCNEWS.com, and ABC.com.

Larry Shapiro, GO.com executive vice president, said Disney has always put
its guests first and that the initiative was a part of its online expansion
plan.

“Beginning with Disney Online and now with GO.com, we strive to be leaders
in the area of safety and privacy on the Internet and encourage others to
devise innovative online safety solutions,” Shapiro said.

Since January 1999, GO.com and Disney Online have required parents to
provide e-mail verification for the children to participate in online
activities requiring parental permission on Disney.com.

Sandiego.com Inc. Thursday
introduced a free online service for Webmasters and parents to help
everyone understand COPPA compliance.

Parents can obtain a ParentCheck ID for
each of their children that shows whether or not a child has permission to
provide information requested by the site.

Webmasters can sign-in at the same site to receive instructions for adding
the service to their Web sites. By linking forms to the ParentCheck site,
the Webmaster gets access to a third party process for obtaining a parent’s
permission.

Mark Burgess, Sandiego.com president, said the company had to take action
to take care of its clients and develop their sites to comply with the new law.

“We decided to make it easy for ourselves and everyone else faced with the
same problem,” Burgess said. “We’ll be publishing the largest database of
San Diego based web sites in the next couple of weeks and we’ll be using
ParentCheck’s ‘Over 18’ function to screen young users from listings of the
adult oriented sites operated by San Diegans.”

Sandiego.com developed and hosts the LEGOLAND California Web, Del Mar Fairgrounds, and San Diego Convention and Visitors Bureau Web
sites.

Privacy advocates acknowledge that enforcement of the law remains illusive
because there is no way to make sure children provide accurate information
about their age online. While the law was designed to protect the privacy
of p

reteens online, it will most likely be several weeks before the real
effects resonate through the world of children’s online content.

For the moment, everyone is watching the Web to see how well the law works
because its level of success will set the tone for future efforts to
protect the online privacy rights of all Americans, regardless of their age.

The FTC has launched a

News Around the Web