Online Privacy Protection Act for kids instituted - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Online Privacy Protection Act for kids instituted

By ZDNet News, 0
October 20, 2000
URL: http://www.zdnet.com.au/news/security/soa/Online-Privacy-Protection-Act-for-kids-instituted/0,130061744,120106402,00.htm

Operators of commercial Web sites or online services that collect personal information from children or operators of general audience Web sites that knowingly collect personal information from children must comply with COPPA.

The Children's Online Privacy Protection Act (COPPA), effective April 2000, applies to the online collection of personal information (such as full name, home address, e-mail address and telephone number) from children under 13.

The Act and Rule also covers information such as hobbies, interests and information collected through cookies or other types of tracking mechanisms when they are tied to individually identifiable information.

The new rules spell out what a Web site operator must include in a privacy policy, when and how to seek verifiable parental consent from a parent and what responsibilities an operator has to protect children's privacy and safety online.

Protection rules
Web site operators must post their privacy policy. Web sites directed to children or that knowingly collect information from kids under 13 must post a notice of their information collection practices that includes:

types of personal information they collect from kids.

how the site will use the information, for example, to market to the child who supplied the information, to notify contest winners or to make the information available through a child's participation in a chat room.

whether personal information is forwarded to advertisers or other third parties.

a contact at the site.

Website operators must get parental consent. In many cases, a site must obtain parental consent before collecting, using or disclosing personal information about a child. Consent is not required when a site is collecting an e-mail address to:

respond to a one-time request from the child.

provide notice to the parent.

ensure the safety of the child or the site.

send a newsletter or other information on a regular basis as long as the site notifies a parent and gives them a chance to say no to the arrangement.

Website operators must get new consent when information practices change in a "material" way. They must notify parents and get consent again if they plan to change the kinds of information they collect, change how they use the information or offer the information to new and different third parties.

For example, new parental consent would be required if the Web site decides to:

send information from children to marketers of diet pills instead of only marketers of stuffed animals, as covered in the original consent.

give a child access to a chat room if the parent's original consent covered only sending a newsletter.

Website operators must allow parents to review personal information collected from their children. To do this, site operators must verify the identity of the requesting parent; and they also must allow parents to revoke their consent and delete information collected from their children if the parent requests it.

When a parent revokes consent, the site must stop collecting, using or disclosing information from that child. The site may end a child's participation in an activity if the information it collected was necessary for participation in the Web site's activity.

The Federal Trade Commission will hold a one-day free public training program on 15 November 2000, to review key compliance issues under the COPPA and its implementing Rule.

Operators of Web sites, those directed to children and Web sites that knowingly collect personal information from children, are encouraged to attend.

For more information, visit www.ftc.gov/kidzprivacy.