Web Site Operators Must Protect Kids’ Privacy
Parents, children and educators generally agree that the Internet can, and does, play a positive role in enriching children’s lives.
But the benefits are clouded by the spectre of pornography, predators and commercialism. Addressing those concerns, the U.S. has passed the Children’s Online Privacy Protection Act (COPPA) to regulate the personal data that can be collected on websites aimed at or accessed by children under the age of 13.
The rules are overseen by the Federal Trade Commission (FTC), which says there are several factors it uses to determine whether your website is directed at children, including:
- Subject matter.
- Visual or audio content.
- Age of the models on the site.
- Language.
- Whether advertising on the Web site is directed to children.
- Data on the age of the actual or intended audience.
- Use of animated characters or other child-oriented features.
If your website meets the guidelines, you must follow the rules or potentially face severe fines.
But don’t worry, making your site compliant is fairly straightforward. Here are a few tips to make your web pages acceptable:
1. You must have a clear policy on your site with links from the home page and any page where you collect personal data from children. If your site attracts a general audience but has a children’s area, you must link to the policy from the home page of that area.
2. Make the link prominent, clearly written and understandable. The FTC suggests using larger fonts or different colours on a contrasting background to ensure that it stands out. Don’t think you can place a link in small print at the bottom of the page — or a link that’s indistinguishable from other links on your site. The FTC specifically warns against that.
3. Your written policy must include:
- The name and contact information (address, telephone number and email address) of all operators collecting the data.
- The type of information and how it’s collected.
- How you use the information.
- Whether you disclose the information to third parties, what their businesses involve, how they use the information and whether they have agreed to maintain confidentiality.
4. You must get parental consent to gather the data and parents must be able to retract the permission, review the data collected, and have information deleted at any time. The law offers a sliding scale approach for verifying parental consent, based on the reason the data is being collected:
- If you are using the data strictly for internal uses, you can get consent through e-mail, coupled with a digital signature, a personal identification number or password.
- If you disclose the data to the public or a third party, you must use more reliable methods, such as a signed form by snail mail or fax, or verification of a credit card number.
Exceptions: Under certain conditions, you can collect a child’s e-mail address without parental consent. The exceptions cover many popular online activities for kids, including contests, online newsletters, homework help and electronic postcards.
Given the potential damage to your bottom line and your reputation, complying with COPPA is important. Consult with your attorney to ensure that your company is following the rules to the letter.
(For further information about the rules, the FTC has a section on its website about children’s privacy.)