* as published in the Montgomery Bar Association Sidebar, Summer 2000 edition
The advent of the World Wide Web has opened up vast avenues of information and exploration for our children and has a wide array of legitimate and exciting uses for both educational and recreational purposes. Research on just about any topic the teacher requires can be done on the Internet. Game rooms, chat rooms, online contests... all lure our children with promises of fun, excitement, and free stuff. But, short of a total ban on computer use, how do we monitor what shores our children are "surfing" to and what information is available to them? In a world where "identity theft" and "cyber stalking" have become household terms, how do we, as parents of young impressionable children, protect the privacy and safety of our children?
Congress has made an attempt to address these issues. After a three year study, the Children's Online Privacy Protection Act (COPPA) was signed into law on October 21, 1998. The final rule implementing the COPPA became effective April 21, 2000. The Rule, as published by the Federal Trade Commission in November, 1999, requires that commercial web sites that are "directed to, or knowingly collect information from, children under 13" must obtain "verifiable parental consent" before collecting, using or disclosing personal information from children. These sites are required to provide notice both on the site and directly to parents about their policies with respect to the collection, use, and disclosure of children's personal identifying information.
Don't breathe a sigh of relief just yet. COPPA does not prevent children's web sites from requiring personal information in order to participate in web site activities. What it does require is "verifiable parental consent" to the use of such personal information. The statute defines "verifiable parental consent" as "any reasonable effort (taking into consideration available technology)...to ensure that a parent...authorizes the collection, use, and disclosure" of their child's personal information.
The final rule temporarily allows a "sliding scale" approach to vary consent methods based on the intended use of the child's information. If personal information is to be disclosed to third parties or made publicly available through chatrooms or interactive activities (considered the highest risk categories to children's safety and privacy), parental consent must be verified by a "more reliable method" such as: print-and-send via postal mail or facsimile, use of a credit card or toll-free number, digital signature, or e-mail accompanied by a PIN or password. For internal uses only, web sites will be permitted to use information with a mere confirmatory e-mail. However, this "sliding scale" will sunset after two years, at which time the more reliable methods of consent will be uniformly required. Specific exceptions to the consent requirement are one-time uses of e-mail, such as to enter a child in a contest, or respond to a request for homework help.
The initial problem with the consent requirement is that by the time the parent receives notice, the child has already disclosed the very information we so desperately seek to protect. The parent does, at this point, have the option of having the child's personal information deleted and refusing to permit further collection or use of the child's information. The second problem with this approach is that my nine-year-old is already computer savvy enough to know how to access my e-mail and respond to the request for consent. Yet, despite its obvious shortcomings, the COPPA appears to a step in the right direction in a world where all of our personal information is increasingly "out there" for the taking.
In addition to the parental consent feature, the COPPA requires that a privacy notice be clearly and prominently placed on the site, and that parents be given the option to consent to use of the child's personal information without consenting to disclosure of that information to third parties. Check out the sites your child is surfing to make sure the privacy notice and uses of information are clearly displayed and written in understandable language. Violations of the rule are enforceable by the FTC and carry civil penalties.
The COPPA is codified at 15 U.S.C. §6501 et.seq. and the Final Rule is published at 16 C.F.R. Part 312.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.