|
| |
For Lawyers: Kids'
Internet Law and Marketing to Children Online:
The Origins of Kids Internet Law in the United States and Knowing When to Ask
for Help
While this article may not make you an experienced children's Internet industry
lawyer, it will let you know when it's time to seek help and alert you to
potential hazards. There are two issues lawyers and website operators must spot
when children are involved on-line. One is privacy, the other is safety. Both
are regulated in the U.S. by the Federal Trade Commission, although states are
permitted to enforce consistent local laws.
Privacy relates to the collection, maintenance, or use of personally
identifiable information from children under the age of 13. Safety becomes a
legal issue when a child under the age of 13 is able to share personally
identifiable information with others on-line (such as in a chat, on discussion
boards, or via e-mail or instant messaging). The safety concern is that someone
such as a pedophile may be able to contact the child either on-line or offline
because the child has shared such contact information, whether intentionally or
not.
Understanding the Law.
In October, the FTC promulgated its final regulations implementing the
Children's Online Privacy Protection Act of 1998 ("COPPA"). The law and the
regulations take effect in April. Yet few practitioners are aware that the FTC
currently has the ability to enforce the privacy and safety concerns noted
above, and has expressly set forth the parameters of that authority since
mid-1997. The salient document is the "Kids Com Letter."
On-line since February 1995, KidsCom was one of the first children-only sites on
the Internet. It did not use cookies (bits of personal information that some Web
sites store on the user's computer) to gather information, but collected data
through registration forms, contests and pen pal programs. Its site was directed
at children from ages four to 15 and came under criticism for its collection
practices. (As a result of the FTC investigation, KidsCom revamped its site and
is a popular site among parents and their children.)
In May 1996, the Center for Media Education ("CME"), a consumer watchdog group,
filed a petition with the FTC requesting the FTC investigate KidsCom and bring
an enforcement action against it. CME asserted that KidsCom's data collection
practices violated section 5 of the FTC Act's "anti-deception" laws in two ways.
First, KidsCom collected information from children without accurately disclosing
the purpose, and second, KidsCom failed to disclose that it was paid to endorse
certain products.
In July 1997, the FTC issued its findings in a KidsCom letter. The FTC
determined that KidsCom's disclosure was "likely" inadequate and misleading, but
declined to take any punitive action against KidsCom since they had already
changed their data collection practices and cooperated in the FTC investigation.
In issuing this ruling, the FTC for the first time publicly announced its
guidelines for data collection from children on the Internet.
The FTC discovered that KidsCom was sharing information collected from children
at its site with third parties. This information was provided to third parties
only in an anonymous, aggregate form (all 10-year old boys from New York
preferred baseball over football, for example). Relying on section 5 of the FTC
Act, which prohibits unfair and deceptive practices, the FTC stated its first
principle relating to data collection from children on-line: "It is a deceptive
practice to represent that a Web site is collecting personally identifiable
information from a child for a particular purpose (e.g., to earn points to
redeem a premium), when the information will also be used for another purpose
which parents would find material, in the absence of a clear and prominent
disclosure to that effect."
The FTC articulated its second principle that when collecting personally
identifiable information, "adequate notice" of such practices must be given to a
parent because of a child's limited ability to understand the disclosure.
"Adequate notice" requires disclosure of: (1) who is collecting the personally
identifiable information; (2) what information is being used and for what
purpose it is being used; (3) whether it will be disclosed to third parties, and
if so, to whom and in what form; and (4) how parents can prevent the "retention,
use or disclosure" of that information.
The third principle is more vague, as it deals generally with safety. The FTC
has had broad regulatory powers when dealing with safety issues, under its
unfairness authority in section 5. Under section 5, a practice is unfair if it
causes or is likely to cause substantial injury to consumers which is not
reasonably avoidable and is not outweighed by countervailing benefits to
consumers or competition. In its KidsCom letter, the FTC articulated its
"unfairness" test for Internet child safety, noting that the disclosure of
children's personal information to third parties is of particular concern, and
parents must be given adequate notice of such use and the opportunity to deny
their consent to it.
In its fourth and final principle, the FTC criticized KidsCom's endorsement
practices as misleading and deceptive. KidsCom had "New Product" areas, where
products were reviewed and endorsed. What it had not disclosed was the fact
that, in exchange for an endorsement, product manufacturers had to contribute at
least $ 1,000 worth of product, which was used for premiums and prize
redemptions. The passing off of an advertisement as an independent review or
endorsement is a deceptive practice under section 5 of the FTC Act. KidsCom
failed to clearly and conspicuously disclose that the product information was
solicited from manufacturers and printed in exchange for in-kind payment.
Following the issuance of the Kids Com/CME letter the FTC broadened its
principles to include offline consent for children 12 and under anytime their
personal information may be shared on-line, in chatrooms or similar third-party
communications, and before any site collects and stores their personal
information, even an e-mail address.
The adoption the Children's Online Privacy Protection Act of 1998 (COPPA) was in
direct response to the lack of industry compliance with the law as articulated
by the FTC in the KidsCom/CME letter.
In June 1998, the FTC presented its Privacy On-line Report to Congress,
documenting the on-line collection of personal information from children. The
FTC rearticulated its prior concerns, that collection of personal information
from a child under the age of 13 without informed parental consent would be a
deceptive trade practice. The FTC reported to Congress that even in chatrooms,
children innocently and without request may reveal where they live or go to
school or their real e-mail addresses. The FTC informed Congress that parents
need to understand the risks and consent to any such collection and disclosure
of personal information. Congress apparently agreed, and wasted no time in
acting on the FTC's report. Within months COPPA was law.
       
|
Parry
Aftab, Esq., 
Marvel and
all character names and the distinctive likenesses thereof are trademarks of
Marvel Characters, Inc., and are used with permission. TM & © 2004 Marvel
Characters, Inc. All rights reserved. “Super Heroes” is a Co-owned registered
Trademark.