Are Social
Networking Sites Violating Children's Online Privacy Protection Act?
By
Nicholas Deleault
Never before in our nation’s history has a
technological revolution skirted governmental regulation like the
internet. The industrial revolution saw the rise of giant
corporations, followed by the legislation of strict corporate and
securities law regulations. The newfound mobility of the country led
to a more recent communications revolution as telegraph lines were
installed along rail road tracks. Suddenly, any person in the country
was virtually at the touch of a dial. Again, like a Pavlovian dog, the
government followed suit by instituting strict regulations governing
the use and control over the means of communication. Then we come to
the true information revolution, of which we are still in the early
years. The internet has expanded faster and more thoroughly than any
of the previous technological revolutions. However, because the
internet is not in one particular location, governmental internet
regulation has been slow to react. Jurisdictional issues aside,
governments have struggled to determine an efficient manner to
regulate internet use, while still allowing for the ideas of free
speech to flow freely.
Because of the openness of the internet
and the anonymity involved, internet regulation is difficult to design
and almost impossible to enforce. The internet can be a great learning
tool for school students of all ages, but online predators pose a
significant threat to the most vulnerable group of internet users,
children. Social networking sites continue to increase in popularity
and expand in use. Myspace.com, facebook.com and classmates.com are
only a few of the many networking sites available. Additionally, there
are countless numbers of chat rooms available on the internet where a
person’s identity can be rendered virtually untraceable. All of these
sites and chat rooms pose significant threats to the welfare of
children.
Partially in response to the expansion
of these types of internet types, Congress passed the Children’s
Online Privacy Protection Act of 1998 (“COPPA”). [For full text see,
http://www.ftc.gov/ogc/coppa1.htm ]
COPPA is aimed at websites that offer services directly to children
under age 13, but it is also aimed at websites making their services
available to children under age 13, despite not being the primary
users. COPPA requires such websites to:
- Post a privacy policy with links to
the notice provided on the home page and at each area where
the site or online service collects personal information from
children;
- Detail how the operator of the
website uses the personal information and whether it is disclosed to
third parties;
- Describe every kind of information
collected from children, such as, name, address, e-mail address,
hobbies, and age;
- Institute procedures that “protect
the confidentiality, security, and integrity of personal information
collected from children."
- Provide parents with contact
information for all operators collecting or maintaining children's
personal information;
- Allow parents to review, correct,
and delete information about their children collected by such
services; and
- Obtain parental consent before
collecting, using, or disclosing personal information about a child
under the age of 13.
Services such as Myspace.com and
facebook.com clearly run the risk of violating COPPA simply by
allowing children under the age of 13 to use their services without
providing parental notification. Companies offering such online
services have a duty to institute procedures that demonstrate due
diligence in verifying the ages of its users. Failure to implement
proper procedures can give rise to substantial fines and potential
civil liability. Recently, a social networking site named Xanga, which
allows for the creation of blogs and personal web pages, was fined $1
million dollars by the Federal Trade Commission (FCC) for its failure
to comply fully with the Child Online Privacy Protection Act. Xanga
had been allowing children under the age of 13 to create online
accounts without parental notification, and they also did not provide
adequate means for parents to access their children’s accounts. The
fine is the largest of its kind ever implemented under the COPPA.
Other significant fines instituted by the Federal Trade Commission for
violations of COPPA have been handed down to companies such as
toysmart.com (no longer in existence), American Popcorn Company and
Lisa Frank, Inc., all for violations of the COPPA.
As social networking sites continue to
increase in popularity, so will the fines. Additionally, it is also
likely that in the not so distant future we will see a push for
statutorily created civil liability to allow parents to bring lawsuits
partially based on COPPA violations. If you have a client that is
thinking about beginning a networking site, or already has, it is
important to ensure that all policies are in compliance with COPPA.
COPPA has recently been renewed and will likely soon be expanded in
its reach, as more and more predators lurk the internet through social
networking sites. The best way to protect any clients that run such
networking sites is to do everything possible to protect the children
who use that site. Failure to do so may soon prove costly to both
attorney and client.
|
