Re: New Federal Law (COPPA)

[Robert Cannon <rmcannon () mail com>]

Answers to a couple of questions:

CAN I COLLECT THE AGE OF THE VISITOR TO DETERMINE WHETHER I WILL COLLECT
PERSONAL INFORMATION.
Yes.  COPPA restricts the gathering of personal information from children. 
Age, in and of itself, is not listed as "personal information" by COPPA or
the FTC rules.  This means that you can ask the visitor to submit
information on age and, if the visitor is under age, refuse to collect any
further information from that visitor.

WHAT ABOUT LYING KIDS?
Children would never lie.  (okay, have you stopped laughing).  If you target
children (if you are Disney), you are under COPPA (lying children is
irrelevant).  If you do not target children, and if a child lies that they
are 13 or over, then you are arguably not liable.  The law states that you
must have *actual* knowledge.  You lack *actual* knowledge.  The FTC
emphasizes in its Order releasing the final rule that we are talking about
*actual* knowledge.  I see nothing in the law or FTC explanation that
creates any further burden on your (the website) part.

DOES A SITE THAT DOES NOT TARGET CHILDREN HAVE TO CREATE A PARENTAL CONSENT
PROGRAM?
If the site is not an online service directed at children nor does it have
actual knowledge that it is collecting personal information from a child
then it is not under COPPA.  If the site does have such actual knowledge, it
can elect (a) not to collect information from children under the age of 13
(see discussion above) or (b) not to collect age information. For example, I
maintain a mailing list at Cybertelecom - all I ask is for people's e-mail
address - I have no knowledge of ages and therefore do not fall within the
scope of COPPA.

Thus you certainly can use e-mail address for password verification as long
as there is no age knowledge attached to that.

If you collect age information, and elect to collect information from
children who are under age 13, then you must comply with COPPA.

If you collect information from children under age 13, it IS NOT illegal. 
You simply have to comply with the requirements of the law (some people are
writing as if the mere act itself of collecting the information is per se
illegal).

CAN I RUN A CONTEST THAT IS ILLEGAL IN FLORIDA?
I am not sure why you cant run an illegal in Florida contest as long as you
do not target children or you do not have actual knowledge of age.  However,
FTC did implement rules specifically concerning children and contests. 
These rules state "An operator is prohibited from conditioning a child's
participation in a game, the offering of a prize, or another activity on the
child's disclosing more personal information than is reasonably necessary to
participate in such activity." § 312.7




As far as Children surfing the web, they have freedom to surf sites that (a)
do not collect information (b) do not collect age information or (c) cater
to children and implement the policy (Disney, PBS, Nickelodean, educational
sites).  That is a pretty big universe.

When one person says that the feds are trying to use "us" as Internet police
(an accusation on other issues that is quite accurate), I am not sure what
you mean here.  This legislation is specifically directed at those who
actually collect data from children: "operators".  Networks themselves who
are not "operators" of the data collecting websites are not impacted.  Thus
only those engaged in the actual activity of concern are the focus of the
new regulation - not neutral third party networks.

Hopefully all of this points to the importance of paying attention to the
regulatory process in Washington DC - it is very easy for you to participate
these days and get your views heard.

-Robert Cannon
www.cybertelecom.org
Not legal advice.  If it were, there would be a bill.  I assure you.

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup