An Educator's Guide to Privacy

Kids' Privacy on the Net

Millions of children search the vast amount of information on the Internet with ease.  In fact, there are currently an estimated 42 million children online, as compared to the estimated 10 million children online in 2000 (PRC, 2000).  Due to this influx of children surfing the web, advertisers and marketers are increasingly using the Internet to gather personal information from children for research and marketing purposes.  The personal information being sought from the children has increased the concern about kids' privacy on the Internet.  Parents are concerned about many risks presented by this lack of privacy on the Internet; these risks are discussed in the original white paper on this topic, which was completed in 1999 and can be found at http://lrs.ed.uiuc.edu/wp/privacy/index.html.  In addition to providing background about kids' privacy issues, this paper discusses the new issues and solutions related to children's privacy on the Internet that have developed since the 1999 edition was written.

History of Kids' Privacy on the Net

In July 1997, the Federal Trade Commission issued guidelines that apply to the online collection of personal information from children.  The FTC stated that it considers the collection and sale of information from children without due disclosure and parental consent to be an unfair practice under Section 5 of the FTC Act (PRC, 2000).  This personal information is defined as such items as name, e-mail address, home address, and home phone number.  The FTC also stated that the web operators of the sites soliciting children's personal information must disclose the intended uses of the information; if they disclose such information to a third party, the web operators must obtain parental consent.

The Center for Media Education also sought to protect children's identification while online.  In 1997, the CME conducted a survey of 38 popular children's web sites.  They found that 90% of the sites collected personal information from children; however, none of the sites tried to obtain parental consent before disclosing that information (PRC, 2000).

The FTC continued to monitor children's web sites.  In June 1998, the FTC issued a Report to Congress on Privacy Online.  This report stated that the FTC found that 89% of the 212 child-oriented web sites it visited collect personally identifiable information directly from children, and only half of them disclose their information collection practices.  Fewer than 10% of these sites provide for some form of parental control over the collection of information from their children (PRC, 2000).  The FTC recommended that legislation be passed that allowed parents to have control of the online collection of their children's personal information. The FTC's request was granted.  In October 1998, congress passed the children's Online Privacy Protection Act (COPPA).

COPPA

The children's Online Privacy Protection Act (COPPA), which was passed by Congress in 1998, requires the FTC to issue and enforce rules concerning the privacy of children while online (COPPA is not to be confused with COPA, which is the Child Online Protection Act.  COPA is an entirely different, controversial anti-pornography law that was declared unconstitutional).  On October 20, 1999, the FTC issued that children's Online Privacy Protection Rule.  This Rule went into effect on April 21, 2000 (CDT2, 2002).  The Rule's primary goal was to put parents in control of what information was collected from their children online.  The Rule applies to web operators of commercial web sites that are directed to children under 13 that gather information from children, web operators of general audience sites that knowingly collection information from children under 13, and web operators of general audience sites that have a separate children's area where they collect personal information from children under 13 (FTC1, 2002).  Essentially, it is understood that children under 13 may not be fully capable of understanding the consequences of disclosing personal information online.  For this reason, COPPA was designed to ensure that children could continue to interact and search for information on the Internet without being unfairly targeted by web sites.
    

If a site wishes to gather information from children, the FTC Rule requires that web operators do the following:
 

Please note that teachers may act in place of the parents when deciding whether or not to give consent (FTC4, 2000).

In order to determine whether a web site is directed to children, the FTC considers many factors, which include subject matter, visual or audio content, language, advertising within the site, and whether a site uses animated characters or other child-directed features (FTC3, 2002).

Web sites that offer chat options to children have two choices under the FTC Rule.  The sites can either ensure that personal information if stripped from children's messages and deleted from the site's records or the sites can obtain parental permission via fax, 800 numbers, credit card verification, digital certificates, or e-mail combined with a password issued through one of the other verifiable methods (CDT1, 2002).  By the completion of either of these options by the sites, children can be allowed to enter chat rooms online.

Overall, COPPA and the FTC Rule provide many guidelines to help protect children online.  web sites must follow these guidelines or be faced with a hefty fine, as determined by the FTC.  The FTC continues to monitor web sites to determine if they are complying with the rules.  In 2001, the FTC conducted another survey of children's web sites; they found that much progress had been made since their 1998 survey.  Nearly 90% of the sites in the survey that collected personal information from children had privacy policies, as compared to 24% in 1998.  At the same time, however, the survey showed that many sites are note fully complying with all of the requirements of the Rule.  Only about half of the sites surveyed complied with requirements such as informing parents about their right to review information collected, have it deleted, and to refuse further collection of information (FTC2, 2002).

TRUSTe

For companies seeking to comply with the requirements issued by COPPA and the FTC Rule, a program now exists to assist the companies with meeting the numerous requirements.  The TRUSTe Children's Privacy Seal Program provides a solution for these companies in addressing children's online privacy issues.  The children's Privacy Seal Program is fully compliant with COPPA.

For a company entering the TRUSTe program, a privacy seal is posted on that company's website.  Parents and children who visit that site know that the site has fulfilled the requirements for TRUSTe and COPPA, that TRUSTe is continually reviewing the site to ensure that the site is not violating its privacy policy, and that a formal complaint and resolution procedure exists if visitors of the site feel that the site is not in compliance with the TRUSTe program (TRUSTe, 2001).  The TRUSTe program is designed to ensure fair information collection practices with regard to children.  All parents want a safe and trustworthy environment for their children online; the TRUSTe children's Privacy Program helps ensure that children are protected online.

Conclusion

Protecting children's privacy while online has rapidly become an increasingly important issue.  Many risks exist for children online.  Congress addressed this issue with the passing of COPPA in 1998; the FTC passed their Rule in 1999 that further addressed the issue of children's online privacy.  web sites now have multiple requirements they must meet if they wish to gather information from children under the age of thirteen.  If the sites do not comply with these regulations, the FTC will mandate that the site pay a hefty fine.  While the Rule does not guarantee that children are completely and fully protected from advertisers and marketers while online, the FTC is striving to create a safe, trustworthy environment for children online by continually checking to see if web sites are fully compliant with COPPA and the FTC Rule.  By remaining vigilant, the FTC and other child protection agencies will continue to ensure that children are safe online.  They cannot do it alone, however; parents and educators must teach children about the appropriate disclosure of their personal information while online.
 

Resources:

Center for Democracy and Technology (CDT1) , 2002.  "Analysis of Rules Implementing the children's Online Privacy Protection Act."  Retrieved from the World Wide Web on July 17, 2002 at http://www.cdt.org/privacy/cdtanalysisofftc.shtml

Center for Democracy and Technology (CDT2), 2002.  Children's Privacy.  Retrieved from the World Wide Web on July 17, 2002 at http://www.cdt.org/privacy/children/

Federal Trade Commission (FTC1), 2002.  "Drafting a COPPA-Compliant Privacy Policy." Retrieved from the World Wide Web on July 17, 2002 at http://www.ftc.gov/bcp/conline/edcams/coppa/index.html

Federal Trade Commission (FTC2), 2002.  "FTC Protecting Children's Privacy Online."  Retrieved from World Wide Web on July 17, 2002 at http://www.ftc.gov/opa/2002/04/coppaanniv.htm

Federal Trade Commission (FTC3), 2002.  "How to Comply with the Children's Online Privacy Protection Rule."  Retrieved from the World Wide Web on July 17, 2002 at http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

Federal Trade Commission (FTC4), 2000.  How to Protect Kids' Privacy Online: a Guide for Teachers.  Retrieved from the World Wide Web on July 17, 2002 at
http://www.ftc.gov/bcp/conline/pubs/online/teachers.htm

Privacy Rights Clearinghouse (PRC), 2000.  Children in Cyberspace-A Privacy Resource Guide for Parents.  Retrieved from the World Wide Web on July 17, 2002 at http://www.privacyrights.org/fs/fs21-children.htm

TRUSTe, 2001.  "Children's Privacy Seal Program."  Retrieved from the World Wide Web on July 18, 2002 at http://www.truste.org/programs/pub_child.html


Return to An Educator's Guide to Privacy