|
|
New Rule Will Protect Privacy of
Children Online
Effective April 2000 Certain Web
Sites Must Obtain Parental Consent before Collecting Personal Information
from Children The Federal Trade Commission today issued the final
rule to implement the Children's Online Privacy Protection Act of
1998 (COPPA).
The main goal
of the COPPA and
the rule is to
protect the privacy
of children using
the Internet.
Publication of
the rule means
that, as of April
21, 2000, certain
commercial Web
sites must obtain
parental consent
before collecting,
using, or disclosing
personal information
from children
under 13. "This
final step achieves
one of the Commission's
top goals - protecting
children's privacy
online," said
FTC Chairman Robert
Pitofsky. "The
rule meets the
mandates of the
statute. It puts
parents in control
over the information
collected from
their children
online, and is
flexible enough
to accommodate
the many business
practices and
technological
changes occurring
on the Internet."
The COPPA was
enacted following
a three-year effort
by the Commission
to identify and
educate industry
and the public
about the issues
raised by the
online collection
of personal information
from children
and adult consumers.
The Commission
recommended that
Congress enact
legislation concerning
children following
a March 1998 survey
of 212 commercial
children's Web
sites. The survey
found that while
89 percent of
the sites collected
personal information
from children,
only 24 percent
posted privacy
policies and only
one percent required
parental consent
to the collection
or disclosure
of children's
information. The
COPPA received
widespread support
from industry
and consumer groups.
On October 21,
1998, the COPPA
was signed into
law. The statute
gave the Commission
one year to issue
rules to implement
its privacy protections.
On April 27, 1999,
the Commission
published a proposed
rule in the Federal
Register and requested
public comment
on a number of
its key provisions.
The Commission
received 145 comments
from a variety
of sources including
Internet businesses,
privacy and children's
advocacy groups,
technology companies,
and individuals.
The statute and
rule apply to
commercial Web
sites and online
services directed
to, or that knowingly
collect information
from, children
under 13. To inform
parents of their
information practices,
these sites will
be required to
provide notice
on the site and
to parents about
their policies
with respect to
the collection,
use and disclosure
of children's
personal information.
With certain statutory
exceptions, sites
will also have
to obtain "verifiable
parental consent"
before collecting,
using or disclosing
personal information
from children.
The rule will
become effective
on April 21, 2000,
giving Web sites
six months to
come into compliance
with the rule's
requirements.
The issue of how
Web sites can
obtain "verifiable
parental consent"
generated the
most interest
among the commenters
and prompted the
Commission to
hold a workshop
devoted to the
issue. The statute
defines "verifiable
parental consent"
as "any reasonable
effort (taking
into consideration
available technology)
... to ensure
that a parent
of a child ...
authorizes the
collection, use,
and disclosure"
of a child's personal
information. The
comments and the
workshop testimony
(available on
the Commission's
Web site) showed
that certain methods
of consent provide
greater assurances
that the person
providing consent
is the child's
parent, but that
some of these
methods need additional
time to develop
and become available
for widespread
use. As noted
below, the final
rule temporarily
adopts a "sliding
scale" approach
that will allow
Web sites to vary
their consent
methods based
on the intended
use of the child's
information.
Verifiable Parental Consent
The final rule
temporarily adopts
a "sliding scale"
approach that
allows Web sites
to vary their
consent methods
based on the intended
uses of the child's
information. For
a two-year period,
use of the more
reliable methods
of consent (print-and-send
via postal mail
or facsimile,
use of a credit
card or toll-free
telephone number,
digital signature,
or e-mail accompanied
by a PIN or password)
will be required
only for those
activities that
pose the greatest
risks to the safety
and privacy of
children -- i.e.,
disclosing personal
information to
third parties
or making it publicly
available through
chatrooms or other
interactive activities.
For internal uses
of information,
such as an operator's
marketing back
to a child based
on the child's
personal information,
operators will
be permitted to
use e-mail, as
long as additional
steps are taken
to ensure that
the parent is
providing consent.
Such steps could
include sending
a confirmatory
e-mail to the
parent following
receipt of consent,
or obtaining a
postal address
or telephone number
from the parent
and confirming
the parent's consent
by letter or telephone
call. The "sliding
scale" will sunset
two years after
the effective
date of the rule,
at which time
the more reliable
methods would
be required for
all uses of information,
unless the Commission
determines more
secure electronic
methods of consent
are not widely
available.
If you have any questions about the security at this web site, you
can send an email to: Lady
WillowShimmer.
All
rights reserved. Nothing to be taken without
prior written permission from us.
Fairy Musings Founded and owned by Lady WillowShimmer,
Owned by Amaranthine
and Co-Owned By Mystic
~©copyright 2006-2008~
|
|
|
