Adam Feinsilver's Cyberlaw Tips
Children, the Internet, and COPPA  

	There is a considerable risk that your child will innocently run into trouble on the Internet.  As a parent, you find yourself faced all-too-often having to balance your child's needs and wants.  As if that weren't difficult enough, the third factor in the equation always seems to be risk.  Not only does the Internet bring the world to your child, but it also brings your child to the world.  Taking advantage of new legislation will help you keep your children safe on the Net whether they need to be on it for research or want to be on it to blast mutants in cyberspace.

Trouble Can Find You
	
	It is not just naivete that can land your child in a difficult situation.  Even the smartest cookie can be drawn in.  Just as there are Internet companies selling your address to other businesses...just as there are people waiting for you to make a credit-card purchase through an unsecured Web site, there are people on the Internet looking to exploit your children.

	Do you want your child's name, address, and phone number floating around in cyberspace?  How about her hobbies, recent purchases, favorite boy band?  Two separate concerns may come to mind here.  The first is the privacy consideration.  Do you really want your child's personal information being stored, used for marketing (possibly directly to your child), or being sold to a third party?  The second, and more frightening concern, is the criminal element.  What if a cyberstalker or pedophile gets hold of this information?

The Law on Child Internet Privacy 

	A few years ago, federal officials discovered that companies were asking children a lot of questions while they were playing video games or doing research for book reports online.  In a March 1998 survey of 212 commercial Web sites, the Federal Trade Commission reported that 89% of the sites collected personal information from children.  Only 1% (no, that is not a typo) required parental consent for the collection and disclosure of their child's information!  That is, 187 of the sites were collecting information about children and often selling, trading, or giving that information away to third parties without parental knowledge.      

In response, Congress enacted the Children's Online Privacy Protection Act of 1998 (COPPA) to protect children against having their personal information used against them.  Specifically, the Act forecloses the collection, use or disclosure of children's "personally identifiable information" for unfair or deceptive acts.  The Act covers information such as names, e-mail addresses, home addresses, telephone numbers, and hobbies.  Going a step further, COPPA gave the Federal Trade Commission the responsibility of enacting rules to regulate the online collection of personal information from children.

The FTC's New Rule to Protect Children's Online Privacy went into effect on April 21, 2000.  To a large extent, it places the ball back in the parent's court.  Operators of commercial Web sites and online services now must disclose their information collection practices to parents.  In most instances, the collector must obtain "verifiable parental consent" before collecting any personal information about a child.  The exception to the rule kicks in when collecting a child's e-mail address to: respond to a one-time request; give notice to the parent; ensure the safety of the child or the site; or send information such as a newsletter on a regular basis (so long as the parent has had the opportunity to refuse the arrangement).  Under the Rule, parents also chose whether their child's information may be disclosed to third parties.  This should help avoid an avalanche of Pokemon advertisements when your child tells a site operator that his idol is Picachu.  Parents will be able to review and delete information about their child that has been collected and prevent future use and collection of information. 

Criticism of the New Rule

	Protecting children's privacy is one of the FTC's top goals.  It's New Rule is certain to help the cause, but it is not flawless.  The first problem is it's age limitation.  The Rule only applies to children under 13.  Somewhere along the administrative trail it was decided that your 13+ year old child's privacy does not need the same measure of protection as it did a few months earlier.  The second flaw centers on attaining "verifiable parental consent."  

How does the web site operator know that the consent actually came from the parent?  All parents are aware of the trick involving detention slips or report cards that have a signature bearing the parent's name but no resemblance to the parent's handwriting.  Either your child has done it, she has a friend who has done it, or you did it yourself as a child.  In the context of Web sites, kids aren't trying to avoid getting into trouble with mom and dad, they just want to gain access to the coolest new site that "all of their friends are on."  This reasoning makes it all the easier for kids to justify returning that e-mail in their parent's name granting consent to ask, collect, and disseminate personal information.  The FTC has verification guidelines on their web site (www.ftc.gov) to address this problem.  Where information is only collected for internal purposes, such as marketing back to the child or providing promotional materials about the site, e-mail is sufficient consent and verification does not require more than a confirmation letter or phone call.  If the site operator intends to make the information publicly available, such as in chat rooms or message boards, the consent must be more reliable.  Even so, a signed form through mail or fax may suffice.  Again, bringing back that detention slip loophole.  A more effective solution on the FTC's site suggests verification via e-mail secured with a digital signature.

Backup Plan

	Even if the consent it disingenuous, the Rule still provides some extra hitches to ensure your child's privacy is protected.  Site operators can only ask for information that is reasonably necessary for participation in a site's activities.  This will protect your child from being asked which school he attends just before he is allowed to blast away green aliens from Neptune.  Finally, the site must maintain the confidentiality, security, and integrity of the information that is collected from your child.

Reaction

	Parents can be assured that the government is taking a strong stance on protecting our children's privacy online.  COPPA and the FTC's Children's Online Privacy Protection Rule have turned up the heat on Web site operators who have used and sold children's information as a commodity for advertising and direct marketing efforts.  An FTC attorney recently reported "the bottom line is we will be enforcing this law and looking at violators closely."  Their enforcement efforts include a force of dozens who randomly check sites for their requirements on gaining parental permission.  The editorial director of Freezone.com, a site known for its privacy model, said "kid's won't be such sitting ducks for marketers."  Federal law is taking shape to help protect our children's privacy online.  While the FTC can enforce the Rule, parents must take action to make it work. 
==================================================================
Disclaimer:  Adam Feinsilver's Cyberlaw Tips are not to be considered legal advice.  The information is provided for general educational purposes only.  Do not rely on the general advice given here, as it may not fit your particular situation.  You must contact your attorney to address your specific situation.

Adam Feinsilver is a Cyberlaw attorney and sole proprietor of Adam S. Feinsilver, Attorney at Law.  He can be contacted via e-mail at adam@feinsilver.com or by calling the Firm at (561) 790-3857.

Adam Feinsilver's Cyberlaw Tips may be duplicated and distributed in its entirety so long as no changes are made to the article, its headers or footers.  However, Publication or posting to a Web Site requires permission.

Copyright 2007 Adam S. Feinsilver