New Rule Will Protect Privacy of Children Online
Effective April 2000 Certain Web Sites Must Obtain Parental Consent
before Collecting Personal Information from Children
The Federal Trade Commission today issued the final rule to implement
the Children's Online Privacy Protection Act of 1998 (COPPA).
The main goal of the COPPA and the rule is to protect the privacy of children using the Internet.
Publication of the rule means that, as of April 21, 2000, certain commercial Web sites must
obtain parental consent before collecting, using, or disclosing personal information from children
under 13. "This final step achieves one of the Commission's top goals - protecting children's
privacy online," said FTC Chairman Robert Pitofsky. "The rule meets the mandates of the statute.
It puts parents in control over the information collected from their children online, and is flexible
enough to accommodate the many business practices and technological changes occurring on the Internet."
The COPPA was enacted following a three-year effort by the Commission to identify and educate industry and the
public about the issues raised by the online collection of personal information from children and adult consumers.
The Commission recommended that Congress enact legislation concerning children following a March 1998 survey of 212
commercial children's Web sites. The survey found that while 89 percent of the sites collected personal information from
children, only 24 percent posted privacy policies and only one percent required parental consent to the collection or disclosure
of children's information. The COPPA received widespread support from industry and consumer groups.
On October 21, 1998, the COPPA was signed into law. The statute gave the Commission one year to issue rules
to implement its privacy protections. On April 27, 1999, the Commission published a proposed rule in the Federal
Register and requested public comment on a number of its key provisions. The Commission received 145 comments from
a variety of sources including Internet businesses, privacy and children's advocacy groups, technology companies, and individuals.
The statute and rule apply to commercial Web sites and online services directed to, or that knowingly collect information from, children under 13.
To inform parents of their information practices, these sites will be required to provide notice on the site and to parents about their policies with
respect to the collection, use and disclosure of children's personal information. With certain statutory exceptions, sites will also have to obtain
"verifiable parental consent" before collecting, using or disclosing personal information from children. The rule will become effective on April 21, 2000,
giving Web sites six months to come into compliance with the rule's requirements.
The issue of how Web sites can obtain "verifiable parental consent" generated the most interest among the commenters and prompted the Commission to hold a workshop
devoted to the issue. The statute defines "verifiable parental consent" as "any reasonable effort (taking into consideration available technology) ... to ensure
that a parent of a child ... authorizes the collection, use, and disclosure" of a child's personal information. The comments and the workshop testimony (available on
the Commission's Web site) showed that certain methods of consent provide greater assurances that the person providing consent is the child's parent, but that some of these
methods need additional time to develop and become available for widespread use. As noted below, the final rule temporarily adopts a "sliding scale" approach that will
allow Web sites to vary their consent methods based on the intended use of the child's information.
Verifiable Parental Consent
The final rule temporarily adopts a "sliding scale" approach that allows Web sites to vary their consent methods based on the intended uses of the child's information.
For a two-year period, use of the more reliable methods of consent (print-and-send via postal mail or facsimile, use of a credit card or toll-free telephone number, digital
signature, or e-mail accompanied by a PIN or password) will be required only for those activities that pose the greatest risks to the safety and privacy of children -- i.e.,
disclosing personal information to third parties or making it publicly available through chatrooms or other interactive activities.
For internal uses of information, such as an operator's marketing back to a child based on the child's personal information, operators will be permitted to use e-mail, as long as
additional steps are taken to ensure that the parent is providing consent. Such steps could include sending a confirmatory e-mail to the parent following receipt of consent, or obtaining
a postal address or telephone number from the parent and confirming the parent's consent by letter or telephone call. The "sliding scale" will sunset two years after the effective date of the
rule, at which time the more reliable methods would be required for all uses of information, unless the Commission determines more secure electronic methods of consent are not widely available.
If you have any questions about the security at this web site, you can send an email to: Boomboom, Amaranthine, or Alice.
Web Design by Founders; All rights reserved
Nothing to be taken without prior written permission from us
Web Leagues Founded by Boomboom, Owned by Amaranthine
and Co-Owned By Alice
(subject to revisions)
How our Competition Works
Our COPPA Policy
Meet Our Staff
New to the Competition World
Join our VE Board
Support Our Site
Buy Ad Space