THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT
IVAN HOFFMAN, B.A., J.D.
To determine whether a web site is directed to children, defined as being 13 years old and younger, the Federal Trade Commission, the governmental body in charge of enforcement, looks at several factors as to the site, including:
To determine whether you are an “operator” of the site, the FTC considers the following factors, among others:
And while these provisions may not appear to apply directly to web designers, in the web design/client relationship there may be an implication that the designer should be held to know about such laws and failing to include the appropriate provisions to make the site comply with the Act may subject the designer to liability as to the client. The same would apply to the client/host relationship and the host should have these same kinds of legal protections from the site. Thus, designers and hosts should be examining their written contracts with their respective clients to make certain that the burden of compliance does not fall on the designer’s or host’s shoulders.
What Kind of Information Is Covered By The Act?
The Act is designed to protect children from certain personal information gathering procedures without parental consent. Thus, if your site collects information such as names, addresses, phone numbers, email addresses and other information from which a child’s identity can be determined, either online or offline, the Act applies to your site. But the Act also applies to information such as about hobbies, interests and information collected through cookies or other types of tracking mechanisms if those mechanisms can be tied to individually identifiable information.
What Must the Site Owner Do To Comply?
If the Act applies to your site, you must post a link to a notice of your site’s information practices on the home page of your site and at each area where the site collects the above information from children. If you run a site that is more of a general audience site but which has a separate area that targets children, you must post a link to your privacy notice on the home page of the children’s area.
The link to this notice must be “clear and prominent.” And the FTC guidelines suggest that you may want to use a larger size font or different color type on a contrasting background and it specifically states that merely having a link at the bottom of the page is not sufficient.
The notice must contain:
One of the key parts of the Act is that the operators must provide a written procedure for a notice sent directly to the parents and for the parents to actively consent, in writing, to the collection of this information prior to the information being collected. The site operator must notify a parent in the form of an email, postal mail, fax and in other similar ways set forth in the regulations and the operator must then get a “verifiable parental consent” to the entire process. During an interim period, there are specific regulations about how this consent is to be obtained based upon how the information is going to be used. The more public the use of the information, the more stringent are the requirements for consent. And there are regulations that specify what “verifiable” means in the context of the Act.
In the event the site changes how the information is collected, used or disclosed, a new, verifiable parental consent must be obtained and, of course, the written policy must be changed on the site.
At any time, the parent can revoke any previously granted consent either to the collection of information or to its use. Thus, if you disseminate this information to third parties, you must have a corresponding procedure to have such third parties delete any information so requested to be deleted by the parent.
The above discussion is not intended to be exhaustive of the Act’s scope nor its requirements and you should consult with an experienced Internet law attorney to advise you about how the Act may apply to your site.
Given the potential severity of the impact on children as well as the significant legal liability to which the site may be exposed by failure to comply, you as a site owner are well advised to seek appropriate legal advice.
© 2000 Ivan Hoffman