It's 10 p.m. Do you know what your kids are doing online?
It's scary who might. Online pedophiles pretend to be other kids, and cyber stalkers sometimes send kids threatening or sexually explicit e-mail. Spammers, scammers, criminals and con artists can get names, home addresses, e-mail addresses, Social Security numbers and credit card numbers without the user ever knowing.
When legitimate Web sites for kids started unintentionally contributing to these perils, the government stepped in.
"I think we were all appalled by our naivety when it came to kids' safety online," says John Kamp, a lawyer at the American Association of Advertising Agencies in New York.
It's not a secret that many Web sites collect personal information from their users. Advertisers are trying to find ways to make money on the Web and Web sites want to know how to best serve their customers. But many people worry that data about kids could fall in the wrong hands.
That's where the Children's Online Privacy Protection Act (COPPA) comes in. One of its goals is to let parents know about their children's Web activities. It is also designed to keep kids from the clutches of merciless advertisers, with the ultimate objective of protecting children from Web weirdos.
The Federal Trade Commission (FTC) gave online businesses until April 21, 2000, to change their ways. Kids under 13 can no longer give out any personal information - including e-mail addresses - to commercial Web sites without asking their parents first. And businesses must fess up as to why they want the info. Sounds great, right?
If only it was that easy.
The law not only affects every children's site such as Disney.com, but every site that collects information from kids simply because it asks for the user's age. Since many kids 12 and younger are already Web-savvy - Jupiter Communications says about 11.4 million kids were online at the end of 1999 - that's a mammoth task.
"A large number of sites believe that they are compliant when they are not," says Nancy Savitt, a New York attorney who specializes in Internet law. "And a lot of other sites are not even aware that the act affects them."
Others decided it was too much of a hassle.
Bolt.com, a teen site, recently informed users under 13 that their e-mail days were over. NBCi, which owns Snap.com and Email.com, did the same. And ZapMe!, which supplies free computers and Internet access to middle schools and high schools, cut off e-mail accounts for those underage as well.
Enforcing the Law
Some question the act's effectiveness. If a child can't open an e-mail account because she's 11, couldn't she just type in a different age? Or forge a signature? Web sites that collect information from kids must get the parent's permission via fax, regular mail, telephone or credit card confirmation. The only time it's OK to get parents' permission via e-mail is if the information is only used by the Web site for internal purposes.
"We feel that most kids are being honest about their age," says Kim Aimi, marketing manager at Headbone, a Web site that targets kids 8 to 14. "But that could change in the next few months if they start feeling that there are too many restrictions on other sites."
The FTC agrees it's a challenge. "There are new sites up everyday," says Loren Thompson, an attorney at the FTC's division of advertising. "We can't theoretically cover the entire spectrum of Web sites."
There are many reasons to comply, though. Lawbreakers face heavy fines - as much as $11,000 per violation, says Thomson. Bad publicity is probably an even bigger incentive, considering the recent online privacy brouhahas involving advertisers such as DoubleClick. That company not only tracked which sites users visited via cookies (identifying code that a visited site can embed on your computer), but also considered combining that information with the users' names, addresses and phone numbers. Once under FTC scrutiny, DoubleClick decided against it.
ZapMe! has also been heavily criticized for its privacy policies. In exchange for providing free computers, it has permission from the school to monitor students' Web browsing by age, sex and ZIP code. Although it doesn't currently distribute its findings to any advertisers, it could.
"Advertisers and many corporations have come under attack lately," says Bill Bourdon, a representative for ZapMe! "But sponsors provide profit. Without our sponsors, we wouldn't have been able to supply 1,800 public schools with free computers."
Obviously cumbersome regulations can cost businesses and advertisers money. For example, finding out how many 10-year-old girls prefer soccer or softball can help shape a new product or advertising campaign. Without access to that information, advertisers and marketers must simply guess at what will appeal to that 10-year-old girl market.
History of the Act
Before COPPA, the FTC made violators into examples of what not to do in the industry. In May 1999, the commission singled out Younginvestor.com, which is owned by Liberty Financial Companies in Boston, saying that it collected personal and financial information from kids and then failed to follow its policy of anonymity.
Before that, it was KidsCom, which in many ways spurred the law. In 1996 the Center for Media Education, a consumer advocacy group, filed a complaint with the FTC alleging that KidsCom skirted "anti-deception" advertising laws. The group criticized the site for two reasons: collecting information from kids without explaining why, and using deceitful marketing. The site also failed to admit that it was paid to endorse certain products.
Both of these sites quickly complied with the FTC, but the commission recognized that kids' privacy and safety were in jeopardy - whether online businesses realized it or not.
Congress agreed with the FTC and passed the Children's Online Privacy Protection Act in 1998, but it took some time to work out the final rules and regulations. In the summer of 1999, companies, parents, advocacy groups and educators had a chance to comment about the proposed rules.
It's hard to find anyone, however, who doesn't support the law's goals. And many consumer advocacy groups are now turning their attention to teens and adults.
When all is said and done, it's a law intended to empower parents and keep kids safe, period. Whether or not it will work remains to be seen.
Questions for Your Attorney
- Does the Children's Online Privacy Protection Act apply to teenagers?
- Who do I contact if I believe the Children's Online Privacy Protection Act is being violated?
- What can I do to protect my children from online criminals?