Children’s Online Privacy Gets Tricky
By Joanna Moore
Industry Reporter
MAY 08, 2001 — Shortly after the Children’s Online Privacy Protection Act (COPPA) celebrated its first birthday late last month, the FTC slapped hefty fines on three Web sites that violated the law. Although several sites have cleaned up their act, many still don’t live up to the spirit or letter of the children’s privacy law. At least one iSeries shop,, came up with some creative ways to avoid trouble with the FTC.

COPPA, the first Federal online privacy law, regulates the collection of personal information from children under 13. Web sites must post a privacy policy, inform parents of collection practices, and gain parental consent before collecting children’s personal information or sharing that information.

Proving it means business, the FTC last month ordered three Web companies to pay a total of $100,000 for violating COPPA. In addition, the companies must delete all personal information they collected from children since COPPA took effect.

Despite the steep consequences, two recent studies show that many sites are still in violation of COPPA. “When it comes to their privacy policies, Web sites targeting children seem not to be taking COPPA very seriously,” says Joseph Turow, author of a study for the Annenberg Public Policy Center at the University of Pennsylvania. “One year after the passage of COPPA, we found more sites skirting COPPA requirements than following them carefully.”

Out of 162 sites surveyed, one in 10 collected personal information from kids but didn’t provide a privacy link on their home page, a clear COPPA violation, according to the Annenberg study. Fourteen of these didn’t have a privacy policy at all, and those that did often had policies that were confusing or vague. “The complexity of the statements raises the question of whether companies expect or even want parents to read their policies,” Turow says.

Still, COPPA has helped bring about some positive changes, according to a study by the Center for Media Education (CME). For example, the number of sites collecting a home postal address from children dropped from 49 percent to 19.8 percent between 1998 and 2001, and the number of children’s Web sites posting a privacy policy increased threefold. But, “despite these positive changes, the industry clearly isn’t doing all it can to comply,” says Dr. Kathryn Montgomery, president of CME.

One site that has tried to toe the line is iSeries shop, an Internet-based service for managing amateur sports leagues. The site has been running for eight months, so it’s been COPPA-compliant its entire life, says John Myers, corporate director. While still in the planning stages, ScoreBook contacted the FTC and spoke to an advisor. “We went to the FTC right up front; they were very helpful,” Myers says. “They sent us documentation, which we used to try to walk our way through what appeared to be a minefield. We explained our business model, and they said we’re fine.”

The ScoreBook home page features a link to its privacy policy, with a special section dedicated to children’s privacy. But the main way ScoreBook “dodged the privacy bullet,” according to Myers, was by allowing only team or league managers to enter personal information about players under 13. The children themselves don’t enter personal information, so ScoreBook avoids the need for parental consent. “That pretty much leaves us off the hook, as the folks from the FTC explained it to us,” Myers says. If parents don’t want the site to feature information about their child, ScoreBook’s privacy policy directs them to contact their team or league manager.

ScoreBook spent very little money to be in line with COPPA, but “there are firms that have spent $40,000 and up on COPPA issues and, quite frankly, some Web sites that COPPA pretty much drove out of business,” Myers says. And COPPA is putting a bit of a crick in ScoreBook’s future plans. ScoreBook will offer personal Web sites soon, but children under 13 probably won’t be able to participate. As ScoreBook tries to build more of a user community with a chat room and other features, it will likely exclude children. “We don’t like doing that, but in the scope of things, that’s the easiest way to handle it,” Myers says.

The problem lies with gaining parental consent. “It’s not an easy thing to do,” Myers says. “We’ve thought about charging one cent or something like that just to make sure we get a credit card number that links back to the parent, but we dismissed that. We have to draw the line somewhere.”

The other problem is that you can’t really control what kids do. If ScoreBook implements individual sign-ons, there’s little it can do to prevent children from fibbing about their ages, Myers says.

For more information on COPPA, go to For more on ScoreBook, read " Dot-Com Startup Shoots and Scores with iSeries.”


Story URL:

Copyright © 2001 Duke Communications International, unless otherwise noted.
This site is best viewed with the latest versions of Netscape or Internet Explorer, 800 x 600 resolution (or higher), and at least 256 colors.