Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

COPPA, What Are You Doing About It? 75

dantes asks: "As the managing Internet engineer for a large commercial entertainment site, I am wondering what measures people are taking to deal with the Children's Online Privacy Protection Act (COPPA), which goes into effect April 21, 2000. A description of who must comply from the FTC Web site: "If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act." I have run this by higher-ups and our lawyers here and have received little to no response. I would prefer to not have to re-write our registration functionality on the 20th of April. I have theorized a bunch of tricks including simply not saving information for users who represent themselves as younger than 13; my thinking is that we will be able to use our source code and our data to defend our policy should the need arise. Any other ideas?" Will most online registration forms need to be changed for this? Is it even something that deserves worrying about?

Some more information from michael : COPPA shouldn't affect most sites. Unless your site is targeted toward children and actively solicits personal information (name, e-mail address, regular address, age, etc.) from children, you probably have to do nothing. Here's a snippet, straight from the FTC:

"If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have
actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act."

"Children" is defined to mean "people under the age of 13". So unless your site is directed to kids 12 and under and collects information from visitors OR you collect information and you know that you're collecting information from kids 12 and under (for instance, you make them register and include an age category with "12 and under" as one of the choices), you don't need to do much at all. Just don't ask their age!

Slashdot received reports that Yahoo was forcing people to provide credit card information in order to register for services. Well, part of Yahoo is directed specifically at children, and Yahoo does collect personal information, so they're concerned. The submissions implied Yahoo was doing this for ALL of their services though, which seems like overkill - a ploy to justify seeking more information from adults (a credit card allows Yahoo to identify you precisely, of course). I would avoid any online service that required adults to provide a credit card or anything similar. If some service is using COPPA as an excuse to demand intrusive information from adults, call them on it.

The law is intended to slow down (hardly stop) sites designed to market to little kids. Registering as "12 and under" at Disney's site, for instance, seeks my name, date of birth, gender, zip code, e-mail address (more than enough information to identify me exactly), mother's maiden name and parent's e-mail address - a veritable bonanza of information. I was waiting for them to ask me for a DNA sample. Disney sends an e-mail to the parental e-mail address. Currently Disney does NOT comply with COPPA; the e-mail sent does not in any way notify the parent that they can opt-out of the information collection, it just says "We collected this information from your child and we're really good people so you can trust us with it. And it's a good thing you can trust us, because we've got it now, and we're not giving it back." Compare the FTC guidelines:

"The notice to parents must contain the same information included on the notice on the Web site. In addition, an operator must notify a parent that it wishes to collect personal information from the child; that the parent's consent is required for the collection, use and disclosure of the information; and how the parent can provide consent. The notice to parents must be written clearly and understandably, and must not contain any unrelated or confusing information. An operator may use any one of a number of methods to notify a parent, including sending an email message to the parent or a notice by postal mail."

So, Disney doesn't comply. But they still have a few days. You may want to check out the FTC's information page which has all you need to know about COPPA. If you want to steer clear of any problems whatsoever, it's simple: don't market to little kids. It takes a certain amount of slime to market to people under age 13 anyway - since they don't have any money, you have to brainwash them to pester their parents. If you do want to market to little kids, COPPA isn't much of a barrier. You may need to notify the parents, but you can simply condition your entertainment service on the provision of information and most parents will probably comply. Then you can market to your heart's content, including selling the information to other companies. COPPA is a pretty feeble barrier, and I don't have much sympathy for anyone who gets tripped up by it. We've already seen that the FTC refuses to investigate even large-scale privacy fraud on the part of Internet companies, so it seems extremely doubtful that they're going to deploy COPPA Vice Squads to go out and enforce compliance. Unless you're a really big company in really flagrant violation of the law, you have nothing to worry about.

This discussion has been archived. No new comments can be posted.

COPPA, What Are You Doing About It?

Comments Filter:
  • "an operator must notify a parent that it wishes to collect personal information from the child; that the parent's consent is required for the collection, use and disclosure of the information"

    In order to notify a parent don't they have to already have collected some information?

  • by Syberghost ( 10557 ) <.syberghost. .at. .syberghost.com.> on Wednesday April 19, 2000 @11:58AM (#1123069)
    You can't think of a single one?

    Such as, perhaps, Slashdot collecting one's real email address for granting a login account?

    Collecting one's state of residence before allowing one to participate in a contest that's illegal in some states?

    Collecting one's zip code to provide TV listings that actually relate to what's on one's cable offerings?

    I think you didn't try very hard to think of those reasons.

    Frankly, I think the solution is to simply bar access to one's site completely to anyone who identifies himself as under 13, and blame this law for it. If enough angry parents call their Congressman with complaints about, say, Yahoo suddenly being inaccessible, perhaps this law will be rethought.

    WTF is the government doing in this, anyway? I can protect my kid just fine without their help, thankyouverymuch.

  • by mindstrm ( 20013 ) on Wednesday April 19, 2000 @12:00PM (#1123070)
    So. My kids get privacy protection, and I have to expressly give my permission for their information to be stored somewhere.

    Why on earth can't these same things be applied to myself? *I* want these protections! You shouldn't be able to harvest information about ME, EITHER!
  • "Is it even something that deserves worrying about?"
    You're asking from the user's side, while he's on the server side. Apparently he's in a company which can decide which laws to ignore. He must be working for Clinton or Gore.
  • Wouldn't this be just the inverse of the Leisure Suit Larry (old version) quiz you used to get to verify you were old enough to play?

    hmmm.... that didn't seem to stop me then from getting in...
  • So, it seems that I could set up a magnet site outside the US for kiddies, collect their info, destroy any info from non-US kiddies, and sell the resulting mailing list to US companies. On the surface, at least, this looks safe: not "violating" the privacy of any of the locals, so the local cops won't have any excuse to hassle me, if I've chosen my local wisely. And I'm not doing anything inside the US, so I'm certainly safe there too. The only thing which could screw this up is a US law forbidding US companies from using such data. Try enforcing that one!
  • My favorite possession is a copy of Quake, but I still own a car and a house! Does that make me under 13 ? On second thoughts don't answer that

    Actually, as a 36 year old adult, I habitually lie to market segment polls i.e over/under state my income, lie about my age, put the wrong address (where possible) etc.

    I do pity the poor 120 year old earning $200K per year living in Swaziland who is getting my junk mail tho' :-).


  • Why, I'm doing my part to smash the state and capitalism. How about you?

    Anarchist Revolution. NOW!

    Thank you, that is all...


    Michael Chisari
    mchisari@usa.net
  • Any time I hear sombody talkning about "Parents right" it is very clear that they have completley forgoten what it is like to be in high school, your children are alrady out of your hands, the are infact people. All you acomplish by trying to trow you weight around is to iritate and alianate them. And no I am not in high school, I have not been in high school for many years, I just have a memory!
  • "If you're capable of selling to kids (actually, their parents) in the US, you have enough presence in the US for the US law to get at you. "

    So you think but how is that done actually? For example I live in Finland and I don't know any way how you can sue me by means of US law. It is impossible. For any legal action against me I have to violate finnish law, not US! So for, US can keep their laws and I don't have to care them.
  • Oh, it's simple: just move to a civilised country that values its citizens more than its corporations :-)
  • by Yaruar ( 125933 ) on Wednesday April 19, 2000 @09:28PM (#1123079)
    I had a strange message from my excite account saying they had cancelled it because of this legislation. What really confuses me is that I've just turned 24 and always put my correct details when setting these things up...

    Also I'm interested to see how this effects people like myself who *shock horror* do not live in the us...

  • I'm doing my part to smash the state and capitalism.

    Then surely you would welcome a law that attempts to restrict a company's ability to make money by exploiting children, the most vulnerable members of society? :-)

    Cheers,

    Tim
  • Information about minors (12 and under) can be collected with parental consent. But, the defination of parental consent is dependant on your usage of the information. If your usage is simply internal (i.e., you never disclose, give, or sell the infomation), then you can accept the information along with a parental email address. You then send an email to the parent with a link allowing them to opt-out. This opt-out would effectively cancel the user's registration.

    If you plan on releasing, selling, or giving the information away (even to "affiliates"), you need to have much stricter rules. The rules can be so strict, in fact, as to pretty much destroy online registration unless you have a manned phone support team willing to call up parents and get permission.

    Keep in mind that this only applies to sites targetting children 12 and under. If your site is targetted to 13 or over, you are exempt. Of course, you may have to prove that you aren't targetting children 12 and under.

    The safest route (in my opinion) is to have two registrations. The first is for people 13 and over. This is your basic registration. The second is for kids 12 and younger. On this form, you ask for parental email. Lastly, don't give away or sell the information. In a market where personal information is a commodity, this can be a tall order.
  • Remind me to never let any of my friends at my computer again.
  • Try any of these solutions if you want to avoid violating this act:

    1. Don't target your site to people under 13 as a specific demographic.
    2. Don't ask for age on a registration form.
    3. If you must ask for age, use a select list who's lowest band is above 13.

    If you don't target kids, and have no way of knowing if your visitors are kids, you should be fine.

    If you're paranoid, use option 3 for registrations. That way, any kid who registers with your site is lying when he selects anything from your mandatory select list.

    Well, gotta go. Time for recess and then a nap.

    --
  • Okay, how about (not theoretically) a service which provides Youth Sports organizing tools. I happen to be on a team building just such a tool. There are plenty of leagues that have age requirements, and many of the leagues are for 10 year olds or even 6 year olds.

    You need to ask the kids what their age is. You have to collect (minimal) information about them, such as their email addresses.

    So, now you need to get their parent's permission before you collect anything about the kid beyond his or her first name. Plus, you must provide a means for the parent to see what info you have collected about his or her child(ren) and offer the ability for the parent to remove said permission.

    Bravery, Kindness, Clarity, Honesty, Compassion, Generosity

  • when do we get the Adult Online Privacy Protection Act? :)
  • When, oh when will these jerks realize.
    They don't own the internet.
    The internet dosen't exist in one physical place.
    The internet is basically "Use at your own risk."
    Therefore: They have no real juristiction in it.

    The US is very unstable now. With the recent riots in Seattle and Washington D.C. and the numerous cases of police brutality and overreaction in these riots, "The Land of the Free" is looking more like Neo-Toyko in Akira. The tear gas canisters are being fired at point blank range, mass arrests for using the 1st amendment.

    Not that this is totally bad. I kind of find this exciting. I lust over change and dynamic government. I am one of those who believe that people can take care of themselves and don't need a government looking over their shoulder.

    Which brings me on-topic. We don't need this law. If parents are so worried about this, why don't they monitor their children. If the children don't want the parents to monitor them, they shouldn't do dumb things. I was an expert at formulating lies when I was younger than 13, and I would use it all the time. Why don't these kids lie about themselves? If people would just use common sense and understand that the 'net isn't anything more than a sprawl and that you have to take care of yourself in it, then we wouldn't have this problem.

  • Yeah, sure, Blame Canada :-)
  • Considering the fact that the US of A thinks that its law applies everywhere, the US of A will probably try to impose this law on people in other countries - sort of like when the DVD CCA got an "temporary" restraining order against people outside of the US of A for violating the DMCA, even though the US of A really doesn't have jurisdiction over the countries that some of the defendants lived in. I wouldn't be surprised if the US of A attempted to do the same with respect to the COPPA.
  • Umm, what about protecting adults? Seriously, I don't want websites collecting info about me. Damn Real.com had to start the privacy issue by requesting all people give them their names and emails! Why is it that i have to lose all my privacy once i sign on the internet? Oh well, it's not going to change anything, im still going to give fake names, fake emails, fake everything AND start saying im 8 years old to take advantage of children's rights
  • I just got a note from the LA Times:

    "A new federal law limits our ability to accept registrations at this time from children under 13 years of age. We are contacting you because your registration information indicates that you are under 18 years old. Please be advised that on April 20, 2000, we will terminate all existing acconts that are registered as under 18, in order to comply with the new laws."
    I presume this is because I usually fill those registration forms by bouncing on Tab and Down-Arrow, picking the first thing on each drop down.
  • Don't blame the marketeers entirely. If parents exercised some responsibility in this area the justification for targeting penniless waifs would dry up and blow away.

    I don't entirely agree with you. Here in the UK, there is growing concern at the amount of advertising that is being targeted specifically at children. This is not because their parents use money as a "quality time substitute", although doubtless some do. The concern arises precisely because it leads to children pestering their parents to buy them <insert latest must-have item here>. The advertising agencies even have a term for it - "pester power".

    You do make a valid point that some parents give their children far too much money, and for the wrong reasons. However, do not be too quick to suggest stopping this as a way to stop advertisers targetting children, because it won't. If anything, it'll just cause them to increase the amonut of advertising targetted at kids, to step up the pressure on the parents.

    Cheers,

    Tim
  • by dlc ( 41988 )
    • Parents should not be allowing 13 y/o or younger children to surf the net unsupervised and if they were not neglecting their responsibility the COPPA law would not be necessary.

    To a certain extent this is true, but a parent can't always be with h{is,er} children. Kids go to school, where there are probably computers. Kids visit friends, where there are probably computers. Kids spend time on their home PC doing homework, etc.

    I have a 7 month old son, so things like this are constantly on my mind. Some day soon, some day very soon, he is going to start using the computer we have at home (he is already showing interest as he sits on my lap and we read Slashdot together -- he bangs on the keys and reaches for the screen), and I am not going to be able to be with him (as a progammer, I spend a lot of time at work). The best I can hope for is that by the time he is using it when alone, my wife and I have taught him what he should be doing and what he shouldn't be doing. Never give information out over the internet. Never make plans to meet someone you met over the internet. The same things as *I* was taught growing up about the phone -- if someone calls, and you don't know who it is, ask; if someone asks who you are, don't tell them until you know who they are; etc.

    • Will COPPA work? No, like all other laws it will not impact the law-breakers and the law-abiding people (except Disney!!!) were already doing what is necessary to protect our childrens rights

    This is the fate of most regulation-type laws, unfortunately. Gun control laws tends to fail (or at least fail to live up to expectations) for the same reasons. Prohibition failed for this reason. The real answer is education -- I need to teach my kids what is right and wrong, and what is appropriate and inappropriate.

    darren


    Cthulhu for President! [cthulhu.org]
  • (Note for those browsing at +1: I'm replying to an AC's reply to dcrowleyts, not his/her post)

    Well, you certainly have the right idea, although I think that you could possibly have worded it a little better :-)

    However, it is something of a thorny issue. Speaking as a parent myself (I have a 5 month old daughter), I agree that the government (in my case, that of the UK) has no place telling me how to raise my child. I intend to be a responsible parent, as does my partner (no, we're not married), and so I do not require laws like this to protect my daughter.

    Unfortunately, the sad fact is that, as dcrowleyts pointed out, some parents seem to have largely abdicated responsibility for their offspring. As it is impractical to identify and point out to these parents the error of their ways (and do we even have the right to?), something does need to be done to protect their children from unscrupulous marketeers (and worse...).

    I am not against the aims of this law, but I am saddened that America has so little faith in its parents that it feels it necessary to legislate to protect its children when the parents themselves should be doing it.

    Cheers,

    Tim

  • Bullshit. Its your job to keep your kids safe, and if our freedoms put your child in peril, well its too damn bad. Thats what the concept of a 'right' is. No one can take it away, no matter what the reason. Raise your own damn kid, thier safety is your concern and responsibility, NO ONE elses.
  • according to high school, children HAVE no rights, they are barely even citizens
  • That's a fine and dandy little law for you American folk to have to deal with... but what about us foreigners?

    I suppose that if you had a .com .net or .org address they might have some jurisdiction (as those domains are managed from the USA)... but the worst they could do there is take away your domain name.


  • How do you know that someone is who they say they are?

    example 1: Your kid logs onto www.xrated-site-name-here.com the site ask's you to click "enter" if you are over 18. What is stopping them from clicking enter?

    example 2: Your company requires you to keep information about logged on guests. How do you know they didn't lie when they signed up?

    example 3: I use a@7x7x7x.com as a dummy email address so I don't get spammed.
    (I check to see if 7x7x7x.com is registered because I don't want to generate spam for them.)

    I lie on register forms, don't you?

    This is an example of good intentions, political grandstanding and clueless execution.

  • by dcrowleyts ( 176390 ) on Wednesday April 19, 2000 @10:34AM (#1123098)
    First I would like to say that Parents should not be allowing 13 y/o or younger children to surf the net unsupervised and if they were not neglecting their responsibility the COPPA law would not be necessary. However, in America and probably in most developed nations, parents have abdicated their rights and responsibilities as parents in favor of governmental control and so COPPA is a necessary evil. The argument about offshore sites is a valid one but then America cannot police the entire world, yet! But we have a responsibility to police ourselves. In all I wish the law were unnecessary but lazy, uncaring parents force us to legislate the protection parents are supposed to provide but don't. Will COPPA work? No, like all other laws it will not impact the law-breakers and the law-abiding people (except Disney!!!) were already doing what is necessary to protect our childrens rights. Well that ought to stir up a whole bunch of religious zealots, Paranoids, and Flame hounds so I'll quit there.
  • I posted the same story a few days ago and it was declined =(...

    Anyway...doesn't this mean that...

    Think of it this way: If you don't know who is a "child", you don't have to employ any special tactics. A major hole in the law. If you don't ask the age, you're off scott-free.
  • Ok, that's a good example. I'll assume you're not using the kids' names/ages/e-mails for anything other than personalization of the application. (If you're selling the data, I hope something nasty happens to you).

    However, is it REALLY such a bad thing to have to get the parents' permission before collecting this information? Shouldn't the parents be checking out the service before the kids sign up anyway?
  • by Silver A ( 13776 ) on Wednesday April 19, 2000 @10:45AM (#1123101)
    That's a fine and dandy little law for you American folk to have to deal with... but what about us foreigners?
    I suppose that if you had a .com .net or .org address they might have some jurisdiction (as those domains are managed from the USA)... but the worst they could do there is take away your domain name.

    If you're collecting demographic information on kids, you're probably trying to sell to them. If you're capable of selling to kids (actually, their parents) in the US, you have enough presence in the US for the US law to get at you. If you're in Europe, you're worse off, since the US will call your jurisdiction's cops, and say "these guys are violating even our extremely lax standards - they're probably violating yours, too". I don't know this will work in the rest of the world, but the real kicker is the money. If you're not making money from collecting consumer data, why bother?

  • "Is it even something that deserves worrying about?"

    Cliff, are you kidding me? Do you want telemarketers collecting information on your child and indirectly on you through a web site? Don't you want to protect your child from blatant violations of your child's right to privacy because they don't understand that what they're doing is creating a profile under their name on some stranger's database? What if your kid goes to a site that asks for information about YOU? Hmmm... what if Disney, upon realizing that they were gathering information from a child, asks for their parents income (or puts it in cute terms like "what kind of car does your daddy drive?") Does this strike you as a problem?
  • by Anonymous Coward
    The U.S. Government has been treating its citizens like children for years. Does anyone think that I could qualify under COPPA for this reason? I'd like my privacy protected, dammit.
  • I would say you are exactly right. This unfortunately still doesn't give them any.

    Notice that all of the rights go to the parents. Kids still get no lovin from the gov't.
  • That was Mountain Dew. It was actually considered a brilliant marketing move - give kids pagers for general use, but pay for them by advertising delivered via the pager.


    ...phil
  • I you have a site that truly wants to discriminate between the under and over 13's just give them the pokemon quiz.....To register for this site answewr the following questions:

    Pikacho is:

    A: a new nasal tissue
    B: small and furry

    ...if I new anything about pokemon I could probably write something funny here but I don't, cause I'm (much) older than 13.

  • by carlos_benj ( 140796 ) on Wednesday April 19, 2000 @11:04AM (#1123107) Journal
    It takes a certain amount of slime to market to people under age 13 anyway - since they don't have any money, you have to brainwash them to pester their parents.

    As someone who has worked extensively with young people I can tell you that statement has no merit. I can't tell you how often I've been amazed to find myself among a group of adolescents with more cash in their pockets than I had in my checking account (unless it was right after payday and just prior to paying the bills). There were very few exceptions, even among those considered to be from 'low-income' families.

    Unfortunately many parents today think that, since their time is used to generate money, that throwing money at their children is an acceptable substitute for spending time with them. Go hang out at a mall and watch all the pre-pubescent girls spend wads of cash on little doohickeys to stick in their hair and young boys swapping $5 US bills for arcade tokens like they were pitching pennies in a fountain -- all this with nary a parent in sight. (Yeah I'm sure that sounds sexist, but just go watch and see if it isn't accurate. You do see girls in the arcade, but often they're only watching, and I have yet to see a boy plop down good money for a handfull of multi-hued butterflies to put in his hair though.)

    Don't blame the marketeers entirely. If parents exercised some responsibility in this area the justification for targeting penniless waifs would dry up and blow away.

    carlos

  • What I'd like passed:

    The Protect-Us-From-Government Protection Act

    But they never seem to do that...

    New XFMail home page [slappy.org]

    /bin/tcsh: Try it; you'll like it.

  • Everyone's ranting about "The kids will just lie and still get in." Has anyone seen that it mentions in the COPPA that you can validate a parent by collecting a credit card number and date, and a name and address to match it, and then validating that through visanet or another company. Then you know if its a parent or just little Timmy lying about his age... its very unlikely that the timster will be able to get all mommy's info to carry out the lie. A pain in the wahzoo for us site admins but what if they start forcing me to do that? Extra expense, extra hassle, driving away customers who are queasy about giving out credit card info....
  • Excite's policy for complying with COPPA is this: if the information in your User Profile indicates that you are under 13, you're email account is terminated! So, if you put in an incorrect, COPPA-violating DOB in your profile (or, presumably, if you truly are under 13 and entered you're real DOB), you get this friendly email:

    ** From Excite **

    Date: Tue, 18 Apr 2000 14:32:30 PDT

    Thank you for using Excite. We have some important Excite Member updates for you. In order to comply with new law called COPPA (Children's Online Privacy Protection Act) that protects the privacy of individuals less than 13 years old, we need to restrict your access to the Excite service. Specifically, we are sorry to inform you that your Excite Member email address [yourEmail]@excite.com will be deactivated after April 20, 2000. Excite is participating in an industry-wide effort to apply COPPA on the Web.

    ****

    Notice that the email was sent at 2:30pm, April 18, and the account will be zapped in about 36 hours.

    If you use Excite's email service, and you put bunk info in your User Profile DOB, you might want to check your mail.

  • I have a memory too...so now i dont tell my parents anything, and i'm doing all the stuff they never wanted me to.
  • I think that COPPA's real emphasis is not necessarily to stop those clever youngsters who are intent on getting past the registration process by lying, but to try to get parents to at least be aware of what their kids are doing on the internet. There's little you can do about the kids who are determined to circumvent the "under 13" registration rules, but that doesn't mean you can't get some parents to know and control what information is exposed about their kids.
  • WTF is the government doing in this, anyway? I can protect my kid just fine without their help, thankyouverymuch.

    Well then i appluade you! Unfortunatly most parents don't want the responsibility and want to be able to sit thier child in front of the tv/radio/internet and not have to worry about them. Which makes sense, i mean the parent had a really hard day at work again, why should they be bothered with raising thier children now? Oh, to all you parents saying its really hard to review everything before deciding...go fuck yourself. If you don't have time to review what your kid does on the internet, don't let them on the internet, or don't let them on at all without you watching them. Same goes for tv and radio.
  • Just because they can't stop criminals from defrauding Americans in foreign countries, does that mean they shouldn't attempt to stop criminals in the US? I don't think that we should give up trying to solve a problem just because we can't get a 100% solution.

    Incidentally, "just move offshore" is an expensive and distracting thing for a company to do, or they'd all do it to avoid taxes and other regulations. It can be done, but it carries with it a host of other logistical and legal problems.

  • The Law of Unintended Consequences strikes again! The hardcore marketers are going to do whatever is necessary to get the information they want, COPPA or no COPPA. I expect corporations that market to kids to create some kind of "kid-safe" umbrella database for all their sites. Parents will only have to provide permission once for, say, all of Microsoft's or Proctor and Gamble's kid sites. The corps in turn will have a far easier time disseminating their user data among different divisions and subsidiaries, as there will be no duplicate or ambigious entries to resolve across multiple databases. It will be the legitimate sites that parents might actually want their kids to visit that will simply ban anyone under the COPPA limit. Why make trouble for yourself by accepting kids when you don't have to? Thus, kids get screwed, and marketers get what they want throught different channels. Here comes the new boss, same as the old boss.... Now, the really funny part will come when some soccer mom sues a company for age discrimination on behalf of little Snotleigh, who can't download free unicorn pictures from the Web anymore. What's the sponsor or owner of the site supposed to do then?
  • Why am I reminded of when I was a kid and repeatedly guessing at questions about who was president before I was born, or what is used with what to make a drink just to play a really neat adventure game? Sure it took me a while, sometimes random guessing took a while, but I got in... we need to take a better approach then asking for a birthdate and/or asking silly age questions like Sierra did if we want to take a serious approach to age verification.
  • COPPA is huge. It affects nearly everyone. What web site doesn't cater to under 13 year olds? Even if you don't actively target them as your audience, are you discouraging them?

    I've really been blown away by how COPPA seems to have slipped under the radar of most web sites. This is probably the first piece I've seen in the 'media' about it.

    My company, Infopop, makes community software including a popular discussion forum. We made some changes to this software to make it easier for sites to comply with the COPPA regulations. And you know what? COPPA has such a low profile that a lot of customers got upset with us. They thought COPPA was something we'd made up. They had no idea that legally their sites had to be COPPA compliant come April 21st.

    I have doubts about the level of COPPA compliance we'll see among web sites. Look out for some high profile 'lets make an example of them' cases in the comming months.

  • If they ask your age, tell them you're under 13. But I agree, it shouldn't just apply to children.

    If you tell them you're under 13, you might have to prove that you have gotten your parents permission by having them register with a credit card number. Now you've given them your real address! Of course, the site won't mind, because now it can sell your real address to a direct marketing company.

  • I can't think of a single, legitimate, non-sleazy reason to collect information from anyone under 13

    I'll provide my data point, and ask for /. advice. My organization provides online courses to K-12 students. Aside from the obvious issue about who is filling out our application form, I also have a "say hello to your Instructor" page which asks registered students about their hobbies and interests.

    Our application forms require payment, which implicitly blocks out small children. But the hello form...suggestions?

  • WAKE UP AMERICA!!!!!!!!!!! We are in the midst of a revolution within our government. Liberal forces are taking away our rights every day. And the process is accelerating. COPPA is just another peice of that puzzle.

    This law is not about protecting children. It is about controlling the internet. Congress sees the internet as a menace, due to its free wheeling style. Why does Congress see the internet as a menace? Simply put, the internet allows free flow of ideas. It allows the freedom of speach our country's founders envisioned as RIGHTFULLY BELONGING TO ALL CITIZENS.

    Since Congress enacted legislation to create the Department of Education, the educational standards of the United States has steadily deteriorated. For those of you who dont know, the Department of Education was touted as being a way to establish a nationwide standard of educational excellence, i.e. pump money into regions that have poor literacy rates in an effort to improve schools. While this has happened, the Department of Education has also been used by Congress for some more sinister reasons. After all, what better way to make major changes to the United States' form of government than to teach our children thier point of view.

    The Department of Education mandates to school boards a selection of educational materials. Over the last 2 decades this list of materials has included text books which tramples the ideals of Washington, Jefferson, and Adams. Here in Georgia there is a fight going on about a history book that leads the students to believe we do not need the Bill of Rights. Many of the text books have a blatant "government is the solution to everything" agenda.

    Now I know you saying "How does this tie in with COPPA?" Very simply this. COPPA will be used as a "catch all" Law. Any web site that speaks out for the rights of the people, any site thats is educating people about the freedoms what Jefferson, Adams and their contemporaries believed in so much that they stood up and spoke out even under the threat of death, can be a target of this law. How can that be you say???
    Easy...just let a child request additional information.

    COPPA if it really wanted to protect children would have flatly stated what information can be obtained from children for the purposes of record keeping. Does it? No. If anything it is purposely vague about what can be asked and is riddled with loopholes. All the better in Congress' eyes for snuffing out "rabble rousers" on the web.

    Keep an eye on COPPA. I gaurentee you, it WILL get employed in this way.
  • It takes a certain amount of slime to market to people under age 13 anyway - since they don't have any money, you have to brainwash them to pester their parents. As someone who has worked extensively with young people I can tell you that statement has no merit. I can't tell you how often I've been amazed to find myself among a group of adolescents with more cash in their pockets than I had in my checking account. How can you say that this statement has no merit? You post didn't contradict the statement, it confirmed it. The whole point of the original statement was that the only way kids get money is from their parents, which is exactly the same thing you said.
  • 'The concern arises precisely because it leads to children pestering their parents to buy them . The advertising agencies even have a term for it - "pester power". '

    My kids all learned that "pester power" was powerless in our household. If I were pestered about something the answer was almost surely to be a resounding NO. The only reason I qualified that is that they on occasion 'pestered' me for something when the opposite was really what they were after. Kids are smart that way. They figure out pretty fast if the parents are making an effort to train them, or if they have the ability to train mom and/or dad. This is precisely why I said parents must exercise responsibility in this area.

    I didn't mean to imply that parents shouldn't give their children money. Far from it. They need to learn how to handle finances. But be creative in how you give it to them. We didn't do allowances. The world doesn't give you money because you exist. They didn't get money for doing their assigned chores. The world doesn't give you money for working in your yard or cleaning your own house. The kids could offer to do one of my chores though. If I thought they could do the job, we'd negotiate a price and go from there.

    Don't get me wrong, there were times when we'd give them money for incidental items or bought them things if they asked politely and it was a reasonable request, so we weren't ogres. Try telling that to the parents who chastise you for such draconian practices. The pressure doesn't just come from the kids.

    carlos

  • "How can you say that this statement has no merit? You post didn't contradict the statement, it confirmed it. The whole point of the original statement was that the only way kids get money is from their parents, which is exactly the same thing you said."

    You misunderstood. These kids didn't have wads of cash because their parents were buckling to some advertiser's pitch. They were given money on a regular basis (and often lots of it) just because. These kids always had money.

    Consider this true example. A kid in the youth group wanted a particular baseball glove. You don't get many baseball glove commercials on television, so it really wasn't a matter of advertising pressure, but that's not the kicker here. He took his dad to a sports store where the glove was priced at $80 US. His dad suggested they look at a discount store and wrote the model number down and off they went. Found the same glove (same model #, same packaging, same everything) for $50 US. The boy wouldn't hear of it. He had to have the one for $80 and, after a lengthy discussion about handling money, they went back to the sports store and bought the one for $80. Had that been my son, the discussion in the discount store would have gone like this...

    "Dad! I want the one for $80."

    "Son, if your heart is set on the $80 glove I don't want to disappoint you. Go earn the money and buy it yourself."

    End of discussion.

    My son would have stopped there or lost additional priveleges.

    This is a pattern that kids pick up on really fast and worked just as well on visitors as our own kids. No matter how they behaved around their parents.

    carlos

  • That's a fine and dandy little law for you American folk to have to deal with... but what about us foreigners?

    You can't hide from U.S. law. Just ask Jon Johansen.

  • by DonkPunch ( 30957 ) on Wednesday April 19, 2000 @10:00AM (#1123125) Homepage Journal
    Frankly, I can't think of a single, legitimate, non-sleazy reason to collect information from anyone under 13. How about giving kids a break from your demographic-analyzing targeted-marketing schemes, guys?

    Next, you'll be calling them at home before school to tell them about your great new breakfast cereal. Give me a break.
  • If you're selling the data, I hope something nasty happens to you

    We're not collecting much data, and not selling it.

    However, is it REALLY such a bad thing to have to get the parents' permission

    I did not mean to infer that it was a Bad Thing, only that it has been a semi-major undertaking to comply and to get the suits to agree that our solution is sufficient.

    For some leagues, the parents are signing an agreement that the kids can use the service as part of the process of enrolling the kids on a team. In other cases, there needs to be a process where the kid gives the parent's email address or the kid prints out a form which the parent can mail in or the parent can call an toll-free number to unlock a child's account.

    Thank god we don't have any client sports organizations outside of the US (yet, at least).

    Bravery, Kindness, Clarity, Honesty, Compassion, Generosity

  • by ATKeiper ( 141486 ) on Wednesday April 19, 2000 @10:01AM (#1123127) Homepage
    When the COPPA rules go into effect, lots of sites will still be noncompliant. That's probably alright, but people must get moving - and dantes, you had better get your higher-ups and lawyers to pay close attention.

    The legislation and rulemaking for COPPA was quite contentious, and the FTC is probably going to be much more of a stickler for children's privacy than it has been for Net fraud.

    michael wrote that "We've already seen that the FTC refuses to investigate even large-scale privacy fraud on the part of Internet companies, so it seems extremely doubtful that they're going to deploy COPPA Vice Squads to go out and enforce compliance. Unless you're a really big company in really flagrant violation of the law, you have nothing to worry about."

    But it's not quite that simple. Actually, the FTC has been conducting sweeps [nytimes.com] for Net fraud, and I expect they will start doing much the same thing for kiddie privacy. However, while fraud-hunting is challenging because you need to chase down elusive "businesses" that change online locations frequently, playing the sheriff for violations of children's privacy is easier: investigating and confirming violations are simpler since the FTC can go after established companies.

    Also, FTC sweeps aside, COPPA may open the door for lots of lawsuits, perhaps even class-action suits. (Are your lawyers listening yet?)

    COPPA ought to be taken very seriously, and many companies are scrambling to comply. (See, for instance, this C|NET article, Many Web sites will pay high price for children's data [cnet.com], or this Wired article, Time Running Out on Kid E-mail [wired.com] .)

    Not complying by tonight is not a big deal. Not complying by early summer is a problem. If you don't have your act together by August, you're in serious trouble.

    A. Keiper
    The Center for the Study of Technology and Society [tecsoc.org]
    Washington, D.C.

  • You don't have to take all that information. You could have their parents fill out that information. It's not like a 9 year old is going to join a soccer league without his parents' knowledge and permission anyway.
  • Good point! I hate those d---ed registration sites anyway. If I have to "register" to get something, I usually don't and go somewhere else. Sites like that just lose my business.
  • When did this little gem pass?
    I get worried when I see any internet Protection Act.

    . The protect-anything-from-anybody-Protection Act.

    The-protect-your-pet- parakeet-from-bad-bird-feed-Protection Act.

    The protect-My-pants-from-hot-grits -Protection Act.

    The protect-Cowboy-neal-from-natalie-portman-glam-shot s -Protection Act.

    The protect-my-karma-from-AOL-moderators-Protection Act.

    The protect-the-other-guy-from-himself-Protection Act.

    The protect-yourself-from-yourself-Protection Act.

    It seems that there is no end to the gov. trying to baby-sit us.
    ___

  • Kids are smart. They'll get around the damn thing as if it wasn't there. It's relatively simple to LIE about your age / birthdate. Then what are we supposed to do to "protect" them*? Give me an effing break. Another useless piece of trash brought to you by the United States Federal Government.

    My site uses an Ultimate Bulletin Board - they've recently put out a copy that's COPPA compliant. Of course, the way they've done it isn't up to my standards... hehe... So what will my solution be? Simple: I'm turning off registration on my site until I can figure it out.

    *: Not that I'm saying we shouldn't be trying to keep 'private' information out of the hands of people who would do harm to kids / Big Giant Evil Corporations / the Marketing Department...

  • Canada... where the internet is unregulated...

  • My first response was: Well, we have a bad habit of over-protecting our kids, but this seems benign enough. Then I thought about it a little more. I still think the idea of this law is benign, but the law is poorly designed, and poorly designed laws are inherently problematic if for no other reason than they're a waste of taxpayer money and law-enforcement time.

    Here's the design problem: As the poster pointed out, if you don't target your site at the under-13 crowd, and if you simply fail to ask the respondant's age, you don' hafta do nothin'. Well, that should be OK, right? After all, if you don't know their age, you lose one of the most important pieces of marketing information, and therefore you can't really use your nefarious marketing tactics on their impressionable little minds.

    Unfortunately, wrong. The purpose of all those demographic studies is to find out what people in a certain group like to buy and what characteristics they have, but you can surely reverse those demographics to find out, given a set of characteristics, what age group they are in. Ask them a relatively few "key" questions scattered in with the rest of the form ("What's your favorite possession? a) car b) home c) pokemon cards") and you will know what market segment you are interviewing. Then the rest is buttah - you can collect their data with just as much (if not more) certainty that they actually are the age you believe them to be. After all, anyone can lie to a direct age question; but you may not realize someone is asking your age when they ask you about your favorite possession.

    Oops. Back to the drawing board, lawmakers.

  • >

    You have to consider what they *want* the information for. *WHY* do companies want demographic information about you? Once you understand this, it doesn't look nearly as scary.

    My company for example, asks for all of the above plus (optionally) information about how much you make, your occupation, what industry you are in, and your precise address. Why?

    It isn't as useful as one would think for "tracking" you. Even if you *don't* provide a site with that information, they can analyze their log files to see what people are doing (most log analyzers even list the "top paths through site") and of course, cookies can make even more precise tracking possible.

    Companies don't care about *YOU* personally. There is nobody sitting at some desk somewhere saying "Aha! John Smith likes McDonalds!" Most uses of demographic information are *more effective* if you as an individual are ignored.

    All demographic information is useful for is /targetting/ things to you. I looked at a bunch of Transformers auctions on Amazon.com, and all of a sudden when I go to Amazon.com I'm greeted with a list of Transformers auctions, books, movies, and such. Cool! Saves me some effort. I haven't paid much attention, but I'll bet the banner ads they show me are targeted at kids and toy-afficianados. :)

    There's really not as much to this as you think. It's simply an extension of customization. How many of you customize your Slashdot page to show the SlashBoxes you like? Well, that's the same thing: You're giving Slashdot demographic information about you. The fact that you're logging in lets them uniquely identify you.

    Ok, so they can't identify you in meatspace, but so what if they could? Are the black helicopters going to land in your front yard? No. At *worst*, you might get a little more junk mail -- targetted to stuff you've shown you're interested in.

    BFD.

    There are abuses of privacy, and privacy does need to be protected, but many of you are too over-sensitive about this issue. You don't make a distinction between *good* and *bad* uses of personal information and you overlook the fact that most of you just throw such information at web companies without thinking twice about it.

  • Or maby I have dislexia?? But I like the insensitive fuck part.
  • SO - Let's see. You don't like COPPA. Your choice. But what do you offer to those who need our protection - the kids? The internet is open - so is a library. But do you let your or anyone else's kids take out any book? Regardless of the medium, information not right for kids is not right. And if your 'rights' are impaired I ask which is more important? Yours of the kids? Let's move towards a goal, not impair any movement you happen to not like.
  • Unless you're a really big company in really flagrant violation of the law, you have nothing to worry about.

    Good, the last thing we need is government regulating every little thing on the internet. What are they going to do about foreign sites? Nothing, that's what. So this whole law is just a stupid little bone they can throw to say "look at what we are doing to ugh, Protect the Children". If a site wants to collect info, they just move offshore.

    God forbid they actually do something that benefits children, like cut taxes or something.
  • Would a guestbook count as collecting "personal information", as it asks for name, website, where you're from, etc.----or since it's hosted by Bravenet, do they take the heat? Even though all fields are optional (excepting name and comment, which can be easily lied to)?

    How am I supposed to know if my site is directed towards people under 13? I'm sure there are plenty of adults out there that would be interested in it, though it is more child-like stuff.

    I regret I can't give the site out here; the /. effect might kill it, since it's only a free site.

  • ... is a difficult thing to prove. One possible solution is to discard any information on anyone who is less than 13 years of age. Not a hard algorith to do...

    ---
  • Bah, I say somebody blows this legislation out of the water. It's a great political gesture, but it's practically unenforcable and puts a burden on websites.

    Not that it applies to many sites - most can brush this off. But the problem is that legislation like this gets it's foot in the door and then more regulation starts pouring through. They tried it first by saying that it was all these perverts who were online. Then they attacked crypto as being tools for "infocriminals". Now they're saying "It's for the children!", a cry that should sound an alarm for any activist who fears government regulation. Christ, don't these people just give up? I rather wish congress wasn't based on districts but was held at the national level - it would put an end to this sillyness.. but that's an entirely different discussion..

    Regulation like this needs to be shot down - it will only open the door to more legislation, litigation, and regulation. I want as little of any of those as possible online.

  • Next, you'll be calling them at home before school to tell them about your great new breakfast cereal.

    I believe that something like this was tried within the last few years. Some company gave away pagers to kids so that they could be beeped with special product offers. Small firestorm followed and schools began collecting pagers at the metal detector.

  • by geekoid ( 135745 ) <dadinportland@y[ ]o.com ['aho' in gap]> on Wednesday April 19, 2000 @10:09AM (#1123142) Homepage Journal
    If your site sells products for an age group under 14, or has reason to believe minors(as defined within' the scope of this law) are on your website then you need to comply. Selling pokeman, but not putting an age catagory in the signon, may not be enough to protect you. Since is perfectly reasonable too assume minors will visit your site.
    On a humorous note:
    about 2 weeks ago I logged on to NeverQuest, and they had a pop up that said, If you are under 13 you need to get parental permission. If you made a "mistake" entering your birthdate you should change it now.
    Could you find a less obvious way to say "Lie to us so we won't be liable, or have to do too much extra work"

You are in a maze of little twisting passages, all different.

Working...