Kid's Privacy on the Net

In 1998 it was estimated that 14% of American children were participating in online activities (FTC 5). Fast forward to today, recent studies that indicate that nearly 90% of all school-age children now have access to computers in their home or school (PRC, 2004). 

Millions of children are surfing the Internet engaging in a variety of actions that include formal learning (homework/research), games, email, chat, electronic bulletin boards, webpage creation and general exploring.

The internet provides tremendous opportunities for children to research and explore every aspect of their world, but lurking in the shadows lays a potential risk.

This influx of children to the internet has created a market for advertisers and potential criminals/predators. They use the web to gather personal information from children for their own purposes from marketing research to cyber crimes.

This type of activity has increased the need to recognize children’s privacy on the Internet. 

Online Marketing to Children

Legislation History

In July 1997, the Federal Trade Commission (FTC) issued guidelines for the online collection of personal information from children.  The FTC stated that it considers the collection and sale of information from children without due disclosure and parental consent to be an unfair practice under Section 5 of the Federal Trade Commission Act (FTC5, 1998). 

They define personal information as items such as name, e-mail address, home address, telephone number, social security number and any other personally identifiable information.  The FTC also stated that the operators of the web sites soliciting children's personal information must disclose the intended uses of the information; if they disclose such information to a third party, the web operators must obtain parental consent (FTC5, 1998).

In the mid-1990’s studies by the FTC and various public interest groups discovered that a significant amount of personal information was collected via commercial web sites aimed at children in order to better target them with advertising. Children represent billions of dollars in consumer spending (PRC, 2005).

The FTC continues to monitor web sites geared to children.  In June 1998, the FTC issued a Report to Congress on Privacy Online (FTC5, 1998).

This report states that the FTC found that 89% of the 212 child-oriented web sites it visited collect personally identifiable information directly from children, and only half of them disclose their information collection practices.  Fewer than 10% of these sites provide for some form of parental control over the collection of information (FTC5, 1998). 

Based on these findings, the FTC recommended legislation that required websites to place information control back into the hands of parents in regards to the collection of personal information from minors under the age of thirteen. The FTC's request was granted. 

In October 1998, Congress passed the Children's Online Privacy Protection Act of 1998 (COPPA) (http://www.ftc.gov/ogc/coppa1.htm) which in turn created the Children's Online Privacy Protection Rule (PRC, 2005).

COPPA

The Children's Online Privacy Protection Act of 1998 (COPPA) requires the FTC to issue and enforce rules concerning the privacy of children while online. COPPA is not to be confused with COPA, which is the Child Online Protection Act.  COPA is an entirely different, controversial anti-pornography law that was declared unconstitutional. 

On October 20, 1999, the FTC issued the Children's Online Privacy Protection Rule (COPPR). COPPR went into effect on April 21, 2000 with the primary goal of putting parents in control of what information was collected from their children online (CDT2, 2005). 

The rule applies to web operators of commercial web sites that are directed to children under the age of thirteen that gather personal information, web operators of general audience sites that knowingly collect information from children under the age of thirteen, and web operators of general audience sites that have a separate children's area where they collect personal information from children under the age of thirteen (FTC1, 2002).

Essentially, it is understood that children under the age of thirteen may not be fully capable of understanding the consequences of disclosing personal information online.  For this reason, COPPA was designed to ensure that children could continue to interact and search for information on the Internet without being unfairly targeted by web sites.

If a site wishes to gather information from children, the COPPR requires that web operators do the following:

• Post a privacy policy on the home page of the website and link to the privacy policy wherever personal information is collected within the site.  To view such a privacy policy, visit the Topps website (http://www.topps.com/PrivacyPolicy.aspx).
• Provide notice to parents about the site's information collection practices and get parental consent before obtaining collection information from children.  Exceptions to the parental consent requirement do exist.  Children are allowed to ask questions via e-mail without parental consent and to register to receive a newsletter as long as a parent is notified and can cancel the newsletter (CDT1, 2002).
• Give parents the choice to consent to the collection and use of a child's personal information.  Parents must also be given the chance to choose whether their child's information may be shared with a third party.
• Provide parents with access to their children's information.  Parents must also be allowed to delete the information and choose whether future collection of their child's information will be allowed.
• Maintain the confidentiality, security, and integrity of the personal information gathered from children (FTC1, 2002).

Please note that teachers may act in place of the parents when deciding whether or not to give consent (FTC4, 2000).

In order to determine whether a web site is directed to children, the FTC considers many factors, which include subject matter, visual or audio content, language, advertising within the site, and whether a site uses animated characters or other child-directed features (FTC3, 2002).

Web sites that offer chat options to children have two choices under the COPPR.  The sites can either ensure that personal information if stripped from children's messages and deleted from the site's records or the sites can obtain parental permission via fax, 800 numbers, credit card verification, digital certificates, or e-mail combined with a password issued through one of the other verifiable methods (CDT1, 2002).  By the completion of either of these options by the sites, children can be allowed to enter chat rooms online.

Overall, COPPA and the COPPR provide many guidelines to help protect children online.  Websites must follow these guiding principles or face a hefty fine, as determined by the FTC.  The FTC continues to monitor websites for compliance.  For the latest on information on COPPA enforcement cases visit the FTC website (http://www.ftc.gov/privacy/privacyinitiatives/childrens_enf.html).

In 2001, the FTC conducted another survey of children's web sites; they found that much progress has been made since their 1998 survey.  Nearly 90% of the sites in the survey that collected personal information from children had privacy policies, as compared to 24% in 1998.  At the same time, however, the survey showed that many sites are not fully complying with all of the requirements of the COPPR.  Only about half of the sites surveyed complied with requirements such as informing parents about their right to review information collected, have it deleted, and to refuse further collection of information (FTC2, 2005).

The COPPR is presently under review. The COPPA required a review and the acceptance of public comments on the COPPR five years after its implementation. This process is presently underway (FTC6, 2005).

TRUSTe

The COPPA includes provisions for the creation of “safe harbors”. These “safe harbors” allow operators to submit self-regulatory guidelines to the Commission for approval. These self-regulatory guidelines must include the protections established in the COPPR (FTC7, 2005). One such program is TRUSTe.

For an operator entering the TRUSTe program, a privacy seal is posted on that company's website. 

Parents and children who visit that site know that the site has fulfilled the requirements for TRUSTe and COPPA, that TRUSTe is continuously reviewing the site to ensure that it is not violating its privacy policy, and that a formal complaint and resolution procedure exists if visitors of the site feel that it is not in compliance with the TRUSTe program (TRUSTe, 2005). 

The TRUSTe program is designed to ensure fair information collection practices in regard to children.  All parents want a safe and trustworthy environment for their kids online; the TRUSTe Children's Privacy Program helps ensure that children are protected online.

“Cookies/Web Bugs”

As previously indicated, advertisers and marketers can use the internet to pursue children in the marketplace. They statically place “cookies” or “web bugs” on commercial web sites in an effort to gather data know as a “clickstream”. This “clickstream” records and transmits the web sites your child visits in order to gather information about their interest for purposes such as marketing. Both Microsoft Internet Explorer and Netscape can be configured to reject cookies in an effort to preserve this privacy. (PRC, 2005)

Personal Communications by Children

Chat Rooms, Instant Messaging, and eMail

In June, 2000 the National Center for Missing and Exploited Children released a report entitled “ Online Victimization: A Report on the Nation's Youth” that was based on interviews conducted with 1,501 children ages 10 to 17 all who regularly utilize the internet (NCMEC, 2000).

They discovered…

• “Approximately one in five received a sexual solicitation or approach over the Internet in the last year.”
• “One in thirty-three received an aggressive sexual solicitation — a solicitor who asked to meet them somewhere; called them on the telephone; sent them regular mail, money, or gifts.”
• “Approximately one quarter of young people who reported these incidents was distressed by them.”
• “Only 17 percent of youth and approximately 10 percent of parents could name a specific authority, such as the Federal Bureau of Investigation, CyberTipline, or an Internet Service Provider, to which they could make a report, although more said they had "heard of" such places.”
• “In households with home Internet access, one third of parents said they had filtering or blocking software on their computer at the time they were interviewed.”

Privacy helps to ensure the safety of children that communicate on the internet. The findings presented in this report are disturbing and call for diligence when children venture onto the internet. Children should be encouraged to explore the brave new world of the web, but interactions require monitoring and education to ensure their transmissions contain no personally information. ( NCMEC, 2000)

The Internet Education Foundation recommends the following to protect child privacy online (IEF, 2005):

• Instruct children “not to reveal any personal information without parental permission”.
• “Consider installing a filter that prevents your child from entering his or her name, address, phone number, or other material.”
• “Consider installing monitoring software that will disclose if your child has entered personal information.”
• “Consider preventing your child from using chat groups.”
• “Consider monitoring your child's incoming and outgoing e-mail.”
• “Consider limiting chat only to people your child knows or requiring that he chat only in moderated chat areas run by reputable companies or organizations.”

Conclusion

Protecting children's privacy while online has rapidly become an increasingly important issue.  Many risks exist for children on the Internet. 

Congress addressed part of this issue with the passing of COPPA in 1998; the FTC passed the COPPR to further addressed the issue of children's online privacy. 

Web sites now have multiple requirements they must meet if they wish to gather information from children under the age of thirteen.  If the sites do not comply with these regulations, the FTC will mandate that the site pay a hefty fine.  While the COPPR does not guarantee that children are completely and fully protected from advertisers and marketers while online, the FTC is striving to create a safe, trustworthy environment for children by continuous checks for compliance with COPPA and the COPPR. 

By remaining vigilant, the FTC and other child protection agencies will continue to strive for the safety of children online.  However, these agencies cannot do it alone. Parents and educators must teach children about the appropriate disclosure of their personal information and the risks associated with being online. Their personal safety may depend on it.