Web sites catering to kids are scrambling to meet tomorrow's deadline to comply with the Children's Online Privacy Protection Act (COPPA) β and many won't make it, possibly facing stiff fines, according to the Federal Trade Commission.
The act mandates that sites whose traffic includes children under the age of 13 post a privacy policy spelling out what information they collect about their child visitors and have a parental notification and approval system in place.
"What we're learning is that a lot of sites aren't in compliance," said Parry Aftab, a children's Internet lawyer and author of The Parents Guide to Protecting Your Children in Cyberspace. "They think they are, but they aren't."
Part of the problem, according to Aftab, is that many general-interest Web sites that have a section for children or run a special kids' event, such as a contest, don't realize that they must comply with COPPA.
And complying can be difficult. The act requires that any site whose owners know that children under the age of 13 are visiting and might share personally identifiable information β whether that means information required for registration at the site or even data the kids may reveal in a chat room or posting service β must gain prior parental consent.
The act requires different levels of notification, depending on the amount of data shared. Sites that don't share information, for example, must notify parents by e-mail, while those that do share information or allow children the opportunity to do so must notify parents off-line using fax or phone.
Most major children's sites, such as Cartoon Network and Nick.com, appear to be prepared for COPPA, according to Loren Thompson, an attorney at the FTC. But that has come at a price.
FreeZone Network estimates it spent a "hefty" $96,000 on staffing, system administration, and hardware and software to make its site compliant with the act, according to Alison Pohn, the Chicago-based company's managing director.
Other companies have taken a different tack.
"Our way to be compliant is to just not allow kids 12 and under on the site," said Karen DeMars, president of eCrush.com, a San Francisco-based site that offers a high-tech approach to junior-high note passing through e-mail aimed at young teens. "We just didn't have the manpower to verify all the parental consents, and there's just no faking that."
Eliminating children who indicate on a registration form that they're under 13 cut eCrush's audience of 350,000 users by about 5%, she said. The additional staffing and programming needed to comply, however, would have cost an additional $50,000, which was too big a price tag given that the site runs at a cost of about $1 per user per year, DeMars said.
But many sites still haven't complied with COPPA and face the possibility of stiff fines.
At the Web site of former Beanie Baby maker Ty Inc., for example, kids can register to participate in online chats, but the company's privacy statement doesn't list the required contact information. COPPA mandates that kids' sites list contact information such as address, telephone number and e-mail so parents can easily reach the company.
Ty keeps the phone number of its Oak Brook, Ill., headquarters unlisted and didn't return calls seeking comment.
The FTC will be pursuing several cases in the coming months and surfing to find noncompliant sites, Thompson said.
"Since this involves the protection of children, we will be enforcing it," she said, spelling out the $11,000 per-violation penalty. "If you're collecting information from 300 kids, that's 300 times $11,000."