The rise of the Internet brought in various opportunities and concerns. One of the major concerns was regarding privacy rights of Minors especially those under the age of 13. Many companies started to collect data of these children for marketing purposes without any parental notification or consent. In response to this, the US Congress passed the Children Online Privacy Protection Act in 1998 which took effect in April 2000. This act specifically protects the privacy rights of children under the age of 13 by requesting parental consent to collect any personal information of the user.
Requirements under this Act -
- Acquisition of a verifiable parental consent prior to collection of personal information from a child under the age of 13.
- Disclosure to parents of any information collected on their children by the website.
- A Right to revoke consent and have information deleted.
- A limited collection of personal information when a child participates in online games and contests.
- A general requirement to protect the confidentiality, security, and integrity of any personal information that is collected online from children.
Factors to Determine Children Content -
- Subject matter,
- Visual content,
- Animated characters,
- Child-oriented activities and incentives,
- Age of models, and
- Ads that promote or appear on the property.
- Music/Audio Content
- Child Celebrities or Celebrities that appeal to Children.
Personal Information under COPPA -
- Email addresses
- First and last names
- Screen names
- Instant message details
- Physical addresses
- Telephone numbers
- Video and Audio files
Enforcement of COPPA -
At the Federal Level, COPPA violations are considered unfair and deceptive trade practices under Section 5 of the Federal Trade Commission Act. Thus the FTC imposes penalties for violations. The FTC monitors the Internet and also encourages complainants from parents to find potentials violators. Violators can be liable up to $11000 per violations. At the state level, COPPA authorises the state attorney general to bring an action in federal district court to enforce compliance with the FTC.
Social Media and COPPA -
20 years have passed since COPPA came into effect. The present internet landscape is absolutely different from the internet of the 2000s. Social media such as Facebook, Instagram, YouTube have become a part and parcel of life, however, these media have all come under scrutiny for potential COPPA violations. This is because evidence has surfaced that many children under the age of 13 are all using these services without any parental supervision and various forms of data are being collected from these children. This has lead to massive changes within the social media Industry with some even creating a platform exclusive for Children for eg YouTube Kids.
The FTC in 2013 updated its COPPA rules to broaden the definition of children’s personal information to include data types such as persistent identifiers, cookies, geolocation information, photos, videos and audio recordings. These changes had wide ranging effects on social media which resulted in many companies working with the FTC to change their privacy policies. The effects of COPPA is not only felt within US but throughout the world, this is because companies that transcend into various market do not create policies for each market rather they create one policy which is applicable to all users. Thus any changes in COPPA will affects the user base of all people outside US as well.
In order to make it much easier for companies to comply with COPPA, FTC has created “Safe Harbour” provisions. Safe Harbour means an industry group may avoid compliance with COPPA Rule if the group were to generate self-regulatory guidelines approved by the FTC. An industry group can request approval for such guidelines by providing the FTC with the proposed guidelines and an accompanying commentary showing compliance of the guidelines with the COPPA regulation.
To be entitled for a safe harbor treatment, the proposed guidelines must contain requirements that are substantially similar to COPPA, a mechanism for evaluation of the operators’ compliance with the guidelines, and incentives for compliance. Suggested mechanisms to determine compliance include periodic and random reviews of operators’ practices, periodic industry or independent reviews of practices of all subject operators, and comprehensive information practices reviews as a condition of membership in self-regulatory programs.
Criticisms of COPPA -
COPPA is controversial and has been criticized as ineffective and potentially unconstitutional by legal experts and mass media since it was drafted. Complaints leveled against the legislation include website owners banning users 13 and under which only “encourages age fraud and allows websites to bypass the burden of obtaining parental consent” and the active suppression of children’s rights to freedom of speech, self-expression, and other First Amendment due to necessity of registering accounts to do so.
Critics have claimed that the methods outlined by the FTC for verification — sending/faxing signed printed forms, a supplement of credit card numbers, calling toll-free numbers, or forwarding digital signatures through email — are too costly, cumbersome, and inadequate in protecting personal information. Even though new technologies are being developed, the current verification methods are too slow and impractical. The process of verification of mails, emails, and credit card numbers may take over a day. Further, disclosure of credit card information will expose the parents to the same privacy risks that they are trying to protect their children from and deter them from using such online services in general. As a consequence, children may manipulate information to access these websites, and in the long run, online businesses may either eliminate children-focused sites. Some sites simply claim that they do not sell products to children, and therefore do not need to comply with COPPA.
Protecting the privacy rights of Minors especially those under the age of 13 is very important and a noble cause as well. However, we need to ensure that in the name of protecting their privacy rights we don’t affect or restrict the flow of information to Children.