Sites Cope With COPPA

Credit card companies up in arms over Children's Online Privacy Protection Act.

James Niccolai, IDG News Service

• Email
• RSS
• 0 Comments

Called the Children's Online Privacy Protection Act, the new legislation aims to prevent personal information from being collected online from children younger than 13 years old without their parents' consent.

"This legislation is a logistical nightmare," declares Jennifer Widstrom, director of EmailAbuse.org, a nonprofit group that fights spam. "Companies will have to devote excessive, costly resources to comply with this legislation, while indirectly encouraging children to lie about their age. Many children are going to magically have their thirteenth birthdays today."

COPPA requires Web sites aimed at child visitors to post a privacy policy spelling out what information they will collect from children. The act also requires the sites to get "verifiable parental consent" before children can use online chat rooms or submit information about themselves.

Bad Credit?

A plan by Walt Disney to use parents' credit card numbers to verify that their children can use services on Disney's network of Web sites was criticized by one major credit card company.

Go.com, Disney's Internet unit, says it will require parents to submit their credit card numbers as a way of authorizing their children to use services on the entertainment giant's Web sites. The company has used an e-mail verification system since early last year, but credit card numbers provide the most certain means of identification, says Michelle Bergman, a spokesperson for Go.Com.

The credit card system will be used on all Disney's online sites, including Go.com, Disney.com, ESPN.com, ABCNEWS.com, and ABC.com. Disney says it won't put a charge on credit cards, only validate them to ensure that the card number is genuine.

But therein lies a problem. When COPPA was being drawn up, credit card companies made it clear that they don't want their cards used for identification purposes unless a monetary transaction is made, says Loren Thompson, an attorney with the U.S. Federal Trade Commission, which is overseeing COPPA's implementation.

"They thought it could compromise their security and lead to more credit card fraud," Thompson says.

William Binzel, a spokesperson for credit card company MasterCard International, declines to comment on how such fraud could be carried out, but he insists that credit cards can't be "validated" as Disney suggested in cases of tiny or nonexistent sums.

"Credit cards were never intended to be used as an age verification mechanism and are ill-suited for that purpose," Binzel says.

Disney is "aware of the credit card companies' concerns" but maintains that its system will work, Bergman says. She declines to comment further.

FTC Recommendations

The FTC suggests using credit cards as one way to obtain parental permission for a child to use services on a Web site, but only when a transaction is being made, Thompson says.

In addition, the FTC suggests setting up toll-free numbers that parents can call, and conducting a fairly lengthy e-mail exchange in which a Web site operator can establish whether they are communicating with an adult.

Neither of those mechanisms is perfect, Thompson admits, and the U.S. government is exploring other technologies, including digital signatures, in search of a more reliable system.

• Email
• Print
• RSS