Online privacy protection for children takes a big step forward
In the midst of the recent bruhahas about e-mail viruses, copyright issues for music on the Web, and the potential Microsoft breakup, some very significant privacy regulations came into effect - although you would hardly know it from how little media attention they garnered.
The Children's Online Privacy Protection Rule became effective on April 21. It means that Web sites that direct their operations toward children must now comply with some of the toughest privacy rules anywhere on the Web.
The new rule is the implementation of the Children's Online Privacy Protection Act of 1998. It imposes some pretty stringent requirements on commercial Web sites that 1) target children under the age of 13; and 2) know that they collect or maintain personal information from a child under 13.
"There is no bright-line test for determining whether a Web site 'targets' children, but if a Web site explicitly markets itself to children, contains animated cartoon characters, or offers games or activities that would be mainly of interest to children, it will probably be covered by the regulations," according to a statement by the Technology and Intellectual Property Group of the law firm Nixon Peabody.
"More important, if an operator knows that its Web site collects information from children under the age of 13 (for example, if users of the Web site must register and provide dates of birth), then the Web site will be covered by the rule."
In order to comply with the new regulations, children's Web sites must:
*Make sure that their privacy policy is posted in a very conspicuous place on the site. The policy must contain details on what information is collected, how personal information is used, and the disclosure practices for the information.
*Make a reasonable effort to obtain parental consent before any child gives his or her personal information to any site. There are several ways that a Web site operator can satisfy the law: (a) provide a consent form that can be downloaded and printed, then signed by the parent and returned via mail or faxed back to the Web site; (b) require the parent to use his or her credit card if a child wants to buy anything from the site; (c) install a toll-free number (maintained by living, breathing humans and not voice machines) where parents can call and give information; (d) create public key encryption - basically a coded e-mail message; (e) e-mail that provides a password or PIN, probably transmitted using method d.
*Make sure every parent can review the information any site has on his or her child, and the parent must be able to delete that information so that it cannot be used in the future.
*Not use games, prizes, or similar activities to coax more personal information out of the child than is "reasonably necessary to participate in such activities." So asking for names and e-mail addresses might be okay to take part in a game, but asking for personal tastes in music, games, or even how much you think Mom or Dad makes a year, are forbidden.
*Protect the confidentiality, security, and integrity of every iota of information that is collected from the children who visit their Web sites.
If sites don't observe the new regulations, then the law allows states to sue them for compliance. The Children's Online Privacy Rule doesn't mean that every site will stop trying to take advantage of children. But it does mean that law enforcement now has some teeth with which to force compliance, and parents have a way to determine if Web sites are suitable for their kids. Now, all we need is some similar legislation for the privacy rights of us grown-ups, and we'll be all set.
The full text of the law is available at the Federal Trade Commission's site, www.ftc.org.
*Tom Regan is associate editor of the Monitor's Electronic Edition. You can e-mail him at csmbandwidth@aol.com
(c) Copyright 2000. The Christian Science Publishing Society