Update: FTC warns Web sites to comply with children's privacy law

The Federal Trade Commission (FTC) is warning Web sites catering to children to comply with a new privacy law that took effect in April, or else they will face its wrath.

In an announcement yesterday, the FTC said it's sending e-mail messages to "scores of Web sites" directed at children to alert them that they could face legal action as early as September if they aren't in compliance with the Children's Online Privacy Protection Act (COPPA).

"Protecting children's privacy is a priority for the FTC," said Jodie Bernstein, director of the commission's Bureau of Consumer Protection, in a statement. "We intend to ensure that Web sites collecting personal information from kids are complying with COPPA and that kids' information is protected, not exploited."

The FTC said its staff recently surfed the Internet to check on whether Web sites were in compliance with the act, then e-mailed the offending ones. Violators could face civil penalties of $11,000 per violation, and the commission said it has a number of non-public investigations under way.

The law requires Web sites that get traffic from children who are less than 13 years old to post a privacy policy detailing the personally identifiable information they collect from their youthful visitors. That includes information required to register as a user of a site or even data that children may reveal in chat rooms or on posting services.

Web sites affected by COPPA also must have a parental notification-and-approval policy in place. Different levels of notification are mandated, depending on the amount of data shared. For example, sites that don't share information with other companies can notify parents by e-mail, whereas those that do share data or give children the opportunity to do so must notify parents off-line via faxes or phone calls.

One site that claims to have come into compliance with the act since it went into effect is former Beanie Babies manufacturer Ty Inc. In April, Ty didn't list its corporate contact information as required by COPPA, even though children can register to participate in online chats on the company's Web site.

At the time, Ty had an unlisted telephone number for its Oak Brook, Ill., headquarters (see story). Now, however, the company prominently posts its privacy policy and lists all pertinent contact information while also stating that it adheres to COPPA.

Parry Aftab, a lawyer whose firm Aftab and Savitt just joined New York-based intellectual property law firm Darby & Darby, said she has been working closely with the FTC on online privacy issues related to children. Since April, she added, advocacy groups have been alerting the FTC to Web sites that they believe aren't complying with the law.

"A lot of sites have been lackadaisical," said Aftab, who is also the author of The Parent's Guide to Protecting Your Children in Cyberspace. "They all panicked and tried to get into compliance by April 21 because they thought the FTC would do terrible things [right away]. But when the FTC didn't do anything, those sites basically thumbed their noses at the FTC because they felt there were no teeth in the law."

But now, Aftab added, the FTC is saying that it will show companies "how many teeth there are" in COPPA if they don't comply by September. And she said it's not just the wrath of the FTC those companies will have to face -- they'll also face the ire of parents. "After the adverse publicity, parents won't let their kids go to those sites," Aftab predicted.

Claudia Bourne Farrell, an FTC spokeswoman, said she couldn't release specifics of how many sites were found to be not in compliance or identify any of them. "We went out and did a quick snapshot of sites," she said. "In September, we'll go back and do [another] survey using more scientific methods. Enforcement action could follow immediately after that."

Not every consumer protection advocacy group, though, is happy about the FTC's enforcement plans. A spokesman for Dallas-based Emailabuse.org, said the FTC is wasting taxpayer money on enforcing legislation that his organization feels misses the mark in protecting children's privacy.

In a press release issued in April, Emailabuse said most companies will determine that it's unfeasible or too expensive to obtain parental consent on every form filled out by a child. Instead, the group added, they will decide not to allow children to access their Web sites. The spokesman called for "more education of parents and children" on the issue of online privacy as a more effective tool for protecting children.

The FTC also appears to be taking action on that front. The commission has launched a Web site devoted to children's privacy issues and said it's working with the U.S. Department of Education to provide schools, children and parents with information about online privacy.

In addition, the FTC plans to hold a workshop for Web site operators on COPPA compliance issues at its Washington headquarters Aug. 22.

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon