3 Tips For Your General Audience Site To Avoid Tripping The COPPA Trap

in Internet Marketing Strategy

If you think that the Children’s Online Privacy Protection Act (COPPA) applies only to websites that target children under 13, you’re uninformed. Sony found out the hard way, and as a result Sony has agreed to pay a $1 million fine in settlement of a case brought by the Federal Trade Commission (FTC). You can avoid falling into this trap with your general audience site if you follow 3 simple tips.

COPPA or COPA?

In January, 2009, the US Supreme Court refused to hear the government’s appeal of a July, 2008 ruling by the 3rd Circuit Court of Appeals that the Child Online Protection Act of 1998 (COPA) was unconstitutional. This refusal by the US Supreme Court means that COPA is now unconstitutional — once and for all.

COPA should not be confused with COPPA. COPA (now unconstitutional) imposed both civil and criminal penalties on commercial website operators that publish sexually explicit material without also using credit card authentication or other technological measures to verify viewer age and block access by minors.

COPPA, on the other hand, prohibits the collection, use, or disclosure of personal information from children under 13 on the Internet through the use of unfair or deceptive practices. COPPA requires parental notification and consent prior to the collection of such information, and as you’ll see below, COPPA applies not only to sites that target children, but also to general audience sites (the COPPA trap). COPPA is constitutional, and it’s currently being aggressively enforced by the FTC.

The Sony Case

On December 11, 2008, the FTC announced its agreement with Sony BMG Music Entertainment in which Sony agreed to pay $1 million to settle the FTC’s COPPA claims. Specifically, the FTC’s charges were based partially on information collected by Sony regarding the date of birth provided by registrants to Sony’s social networking sites.

The key fact here is that Sony’s sites are “general audience” sites — that is, their sites are not “directed to children”. Sites that are clearly directed to children fall easily within the regulation of COPPA. However, general audience sites also are regulated if they “knowingly collect personal information from children under 13″, and that’s where Sony fell short according to the FTC.

Sony represents hundreds of musicians and entertainers, some of which are popular with children and teenagers. To promote these artists, Sony operates over 1000 related websites. Many of these sites provide social networking opportunities including functionality providing for personal fan pages, reviews of albums, uploading comments, posting comments, and private messaging.

As part of the registration for many of Sony’s sites, Sony required users to provide personal information, including their date of birth. Approximately 30,000 children under 13 provided their dates of birth which resulted in Sony having knowingly collected information from children under 13, without first getting parental consent. The FTC alleged additional COPPA violations including the failure to provide sufficient notice of what information was collected from children, how Sony used and disclosed this information, and the failure to provide parents with a reasonable means to review the information collected.

3 Tips To Avoid Tripping The COPPA Trap
If you operate a general audience site, you’re encouraged to act on the following tips to avoid an outcome similar to the Sony case:

  1. Review your registration pages to see if you have collected age-indicating personal information such as age, date of birth, or school grade — if so, remove these fields from your registration process, and for the information already collected from children under 13, the best recommendation is to see an attorney for a possible remedy before it’s too late;
  2. Review your site to see if there is any page (or pages) that may inadvertently be directed to children — even if your site as a whole is not directed to children, if a single page is directed to children, you should modify it or comply with COPPA; and
  3. If you want to age-screen registrants, you should use a methodology that is age-neutral — that is, a methodology that does not encourage children to lie about their age (for example, don’t stipulate that “you must be 13 or over to register”), and if you ask for a date of birth, collect only the month and year, not the day.

Conclusion

The lesson to be learned from the Sony case is that general audience sites are not immune from regulation by COPPA. If you operate a general audience site, follow the 3 tips, and if you have unresolved questions, see an attorney — a COPPA violation is a serious matter.

This article written by Chip Cooper. Copyright 2009 Chip Cooper.

Leading Internet, IP and software lawyer Chip Cooper has automated the process of drafting website documents for small websites with his MyLegalFirewall website documents drafting service. Discover how quick, easy, and cost-effective it is to determine which legal compliance documents you need and to draft them online, and claim your FREE Special Report; Determine Which Legal Documents Your Website Really Needs.
Disclosure: this website is an affiliate of DigiContracts.com and may be paid commissions for sales referred by this website.

Like this article? Email, Print, Bookmark or Share it:
  • email
  • Twitter
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • MySpace
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • MSN Reporter
  • Netvibes
  • StumbleUpon
  • Technorati
  • Yahoo! Bookmarks

Leave a Comment

Anti-Spam Quiz:

Previous post:

Next post: