Web developers and operators at sites catering to kids got the full flavor of Internet regulation last week when they scrambled to meet the April 21 deadline to comply with the nation's first law governing online privacy. And some sites probably didn't make it, risking stiff fines.
The Children's Online Privacy Protection Act mandates that Web sites that either target children under the age of 13 or collect personal information from them have a privacy policy posted that spells out what information they collect as well as parental notification and consent systems.
"What we're learning is that a lot of sites aren't in compliance," said Parry Aftab, a partner at Springfield, N.J.-based Aftab & Savitt PC, which specializes in Internet laws concerning children. "They think they are, but they aren't."
Part of the problem, said Aftab, is that many general-interest Web sites that have a section for children or run a special kids' event, such as a contest, don't realize that they must comply with COPPA.
And compliance can be difficult and costly.
Alison Pohn, managing director at The FreeZone Network in Chicago, said her company spent $96,000 making its site compliant with the act. She recommends hiring a lawyer to determine what level of consent is required and what must be included in the privacy statement.
The act requires that any site with knowledge that children under the age of 13 are visiting and sharing personally identifiable information - whether it's required for registration at the site or might be revealed in a chat room or posting service - must gain prior parental consent. The consent requirement ranges from e-mail notification for sites that don't share information to off-line verification - via fax or telephone - for sites that share personally identifiable information or allow children the opportunity to do so, such as in a chat room.
Most major children's sites, such as Atlanta-based Cartoon Network Inc. and New York-based Nick.com, have worked diligently to meet COPPA's requirements, according to Loren Thompson, an attorney at the Federal Trade Commission.
"I think it behooves a lot of businesses to do these things anyway," she said.
For some sites, complying with COPPA went down to the wire.
At the Web site of former Beanie Baby maker Ty Inc., for example, kids can register to participate in online chats. But the day before the deadline, the company's privacy statement didn't list the required contact information. COPPA mandates that kids ' sites list contact information such as address, telephone number and e-mail so parents can easily reach the company.
John Hong, Internet coordinator at Ty, said the company has been working on COPPA for some time and that he expected the site to be "100% compliant" by the FTC deadline. On Friday, the company's privacy policy had been updated to meet COPPA requirements.
COPPA "may shake up the industry," said Allison Ellis, vice president of programming and content at Los Angeles-based FoxKids.com Inc., which brought its site into compliance the day before the deadline. "There are places that simply collect information and thumb their noses at the FTC."
The FTC will be pursuing several cases in the coming months and searching for noncompliant sites, Thompson warned.
Sites that don't meet COPPA requirements could face fines of $11,000 per violation.