In October 1998, the U.S. Congress passed the Children's
Online Privacy Protection Act (COPPA), a bill "to require the
Federal
Trade Commission to prescribe regulations to protect the privacy of
personal
information collected from and about children on the Internet, to
provide greater control over the collection and use of that information,
and for
other purposes".
The full text of the bill may be seen at
http://www.cmcnyls.edu/USLaws/S2326IS.htm.
The Federal Trade Commission (FTC) released its
regulations on April 20, 1999. The full text is available for viewing
at
http://www.ftc.gov/os/1999/9910/64fr59888.htm,
but bewarned -- the file
may take a while to download. It's about 100 pages long.
For those unable to wade through or decipher the regulations, the FTC
has
provided a summary called "How to Comply With the Children's Online
Privacy
Protection Rule",
available at http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm.
The regulations essentially require any online service or web
site that collects personal information from any child under the age
of 13 to obtain the consent of the child's parent, verify that the consent
actually comes from the
parent, permit the parent to review the child's personal information,
and
allow the parent to have the information deleted. Enforcement of these
regulations began on April 21, 2000.
Although some "consumer groups" that gave input to the FTC
on the wording of the regulations claim that compliance is "not an
onerous
burden", many online services have decided that dealing with underage
customers
is now too much trouble. With penalties of up to $11,000 for
violating these rules, many companies want to play it safe (see
http://wired.com/news/politics/0,1283,35712,00.html).
So last month, with the deadline approaching, many online e-mail and
news
services began sending out notices to customers they thought might
be under 13 --
or in some cases, under 18 -- notifying them that their accounts were
being
cancelled. Members of ASFAR (all OVER the age of 13) have reported
receiving
such messages from free e-mail, ICQ, and news services.
While the regulations were primarily designed to cover
chat rooms and for-profit businesses, there seems to be no exemption
for
non-profit organizations, so youth rights organizations like ASFAR
are probably required to comply with COPPA regulations -- to allow
the parents
of any members under the age of 13 to review their membership information
and
honor parents' requests to remove them from the membership rolls.
ASFAR does not ask the ages of its members, and has no
knowledge of any members under the age of 13; it is probable that none
of
our members are. But to disclose any member's information without
that
member's consent to any other individual, including a parent, is at
odds with our
own privacy protection policy. For us to remove a member from
our
list at a parent's request would be simply unthinkable.
It's always possible that COPPA will be challenged in
court. Perhaps we will be the ones challenging it.