Children's Privacy Law Takes Effect

Friday is the deadline for compliance; some sites are still scrambling to get ready.

DeWayne Lehman, Computerworld

• Email
• RSS
• 0 Comments

The act mandates that sites with traffic that includes children under the age of 13 post a privacy policy spelling out what information they collect about their child visitors. Sites must have a parental notification and approval system in place.

"What we're learning is that a lot of sites aren't in compliance," says Parry Aftab, a children's Internet lawyer and author of The Parents Guide to Protecting Your Children in Cyberspace.

Complying can be difficult. The act requires that any site whose owners know that children under the age of 13 are visiting and might share personally identifiable information must gain prior parental consent. It covers information required for registration at the site and even data the kids may reveal in a chat room or posting service.

The act requires different levels of notification, depending on the amount of data shared. Sites that don't share information, for example, must notify parents by e-mail. Those that do share information or allow children the opportunity to do so must notify parents offline, by fax or phone.

Most major children's sites, such as the Cartoon Network site and Nickelodeon's Nick.com, appear to be prepared for COPPA, according to Loren Thompson, an attorney at the FTC. But that has come at a price.

FreeZone Network estimates it spent a "hefty" $96,000 on staffing, system administration, and hardware and software to make its site compliant with the act, according to Alison Pohn, the company's managing director.

Short-Term Fix

Other companies have taken a different tack.

"Our way to be compliant is to just not allow kids 12 and under on the site," says Karen DeMars, president of ECrush.com, which offers teens a high-tech, e-mail alternative to junior high note-passing. "We just didn't have the manpower to verify all the parental consents, and there's just no faking that."

Prohibiting admittance to children who indicate on a registration form that they're under 13 cut ECrush's audience of 350,000 users by about 5 percent, she says.

But many sites still haven't complied with COPPA and face the possibility of stiff fines.

At the Web site of Beanie Babies maker Ty, for example, kids can register to participate in online chats, but the company's privacy statement doesn't list the required company contact information. COPPA mandates that kids' sites list contact information such as address, telephone number, and e-mail so parents can easily reach the company.

Ty didn't return calls seeking comment.

The FTC will be pursuing several cases in the coming months, and will be surfing to find noncompliant sites, Thompson says.

"Since this involves the protection of children, we will be enforcing it," she says, spelling out the $11,000-per-violation penalty. "If you're collecting information from 300 kids, that's 300 times $11,000."

For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.

• Email
• Print
• RSS