Websites That Invade Youth Privacy Take Hits

Print More

On the same day the Federal Trade Commission settled its first case under the Children's Online Privacy Protection Act, the Center for Media Education (CME) said commercial websites collecting information from young children have begun to change their ways, but there's a lot of room for improvement.

"In its first year this new law has already begun to correct some of the most egregious marketing practices on the Web that threatened children's privacy," said CME President Kathryn Montgomery. "However ... more effective education and stronger enforcement will be necessary to ensure that this law is fully effective."

The act (known as COPPA) passed in 1998, and the FTC gave sites until April of last year to comply with its guidelines. The guidelines regulate certain aspects of commercial websites that target an audience that includes children under 13. Sites must post a visible privacy notice with the operators' contact information and must obtain parental consent before collecting personal information from those children.

Parents also must have discretion over what third parties may receive the information, and can request to have the information deleted.

CME studied the changes made by 153 youth-targeted commercial websites that solicited personal information such as names, addresses and e-mail contacts. While many sites had made changes reducing the amount of data being collected, the majority of sites did not prominently show their privacy policy or protect themselves from fraudulent age entrees.

According to the report, released in April, the major lingering problem seems to involve the COPPA requirements regarding parental notice. CME found 50 sites that collected information from young children, but only 19 complied with the COPPA provisions. The rule requires sites to obtain parental consent either by phone, credit card, mail, digital link or by using a combination of e-mail, personal identification number and password.

The act (known as COPPA) passed in 1998, and the FTC gave sites until April of last year to comply with its guidelines. The guidelines regulate certain aspects of commercial websites that target an audience that includes children under 13.

After the COPPA rule took effect, many sites simply exempted themselves from the parental consent requirement by excluding children under 13 from any site content that requires personal information.

"It was much easier for us to just exclude younger kids from our contests," said Teen.com editor Melissa Rekos, whose site was criticized for a pull-down menu that CME says promotes age falsification. "It was easy for us to get behind COPPA, because we generally target an older teen audience. But I can imagine that it would be costly for younger kids' sites to set up a parental notice system and basically remodel parts of their site."

Andras Csaszar, CEO of Bonus.com and Headbone.com, said that the parental consent requirements decrease the number of children allowed to provide information. Because only one-third of parents respond to the requests for consent, and nearly all of those parents who respond grant permission, Csaszar said he wonders if the other parents just never get around to giving permission.

Csaszar estimates that it cost between $40,000 and $80,000 to alter his sites to comply with COPPA. Both sites require a screen name, e-mail, age and zip code, but Headbone.com, which Csaszar calls a more "community-based" website for younger children, has to collect confirmation through regular mail. Most of the costs, said Csaszar, are from paying salaries for the additional work of obtaining parental consent.

Parents also must have discretion over what third parties the information is given to, and can request to have the information deleted.

CME found that 131 of the 153 sites solicit some form of personal data from children under 13, down 4 percent from 1998. One hundred of the sites posted a privacy policy link, up 54 from three years ago. CME commended these sites, but said the notices were often not posted as a "clear and prominent" link.

Fewer sites sought names and postal address than three years ago.

At about the same time that the CME issued its report, the FTC settled with producers of Girlslife.com, Bigmailbox.com and insidetheweb.com for a total of $100,000. The three sites, said the FTC, collected information from children under 13 without asking for parental consent.

Girlslife.com has yanked services requiring information for the time being, while Bigmailbox.com now excludes anyone under 13 from its services. Insidetheweb.com now instantly links to beseen.com, which requires only an e-mail address. The site's terms of use say that visitors must be 18, but never asks for an age.

CME and the Consumer Federation of America recommend that sites use anonymous registration to allow children to participate without revealing personal data.

More information on COPPA rules can be found at www.ftc.gov/kidzprivacy, or call at (202) 326-2181.