In September, the Federal Trade Commission (FTC), which is the US Government branch that oversees marketing to children online, released its proposed changes to the Children’s Online Privacy Protection (COPPA) Rule.
In case you don’t know it, COPPA addresses regulatory oversight of online marketing to US children under 13. Because of the global nature of the internet, COPPA’s regulations effectively apply worldwide. COPPA is the reason for (for example) Facebook’s age cut-off at 13. Changed to COPPA affect all website registration, especially of course, those aimed at children, so please forgive this particularly wordy post, but it’s really important. COPPA are gathering views now (see the link at the bottom) so if this will affect your business, go and make your views known.
Check out the link to the proposed changes for more details, but briefly, the revisions include changes to the definition of “personal information” (to include geolocation information & cookies) and parental consent mechanisms (to include electronic scans of signed forms, video-conferencing, ID cards but to eliminate the current “e-mail plus” method).
I wanted to know what the proposed changes might mean to children, their parents and website owners, so here I’ve gathered three views.
Firstly, I spoke to Rebecca Newton, Chief Community & Safety Officer (CCSO) at Mindycandy.com, the company who run the hugely successful Moshi Monsters. Here’s what she had to say ….
“The FTC has done a fine job of gathering input from relevant industry members, including hosting a COPPA Rule review roundtable in June of 2010. The discussions and requested public comments have played a strong part in the proposed revisions, which is refreshing – if not hopeful – for a government body. Overall, I think the largest victory for a faction of industry folks is that the FTC has not proposed to raise the rule’s applicable age limit to teenagers (13 and over). [I hear faint sounds of "hurrah"s around the globe].
“It’s been nearly 14 years since COPPA was enacted. The daily Under 13 web population is approaching 25 million. It’s an understatement to say the revision is long overdue. But before we’re too quick to pop the champagne on the over 13 victory, there are a few grey areas to investigate. In particular, the impact of removing the “e-mail plus” system.
“E-mail plus” was originally meant to be a temporary verifiable parental consent (VPC) system. To read the proposed elimination of ‘e-mail plus’, consider this well-written article by Adam Thierer (@AdamThierer) and this piece by Cutter Law P.C. In a nutshell, eliminating the “e-mail plus” system today would cost a kid’s virtual world/social gaming site about 12 million dollars a year. I’ve done the math and asked a finance expert to check my numbers before I submitted that number at the FOSI.org/TechFreedom.com FTC COPPA Revision panel last week in Washington, D.C. This number assumes a registration count average of 70K users per day. I won’t take up the space in this blog to show how I arrived at that number, however, I’m happy to share it in a follow up blog post. My point is, if it costs a major successful corporation 12 million a year, how much will it cost a start-up? With all considerations of how the social/gaming web really works on a daily basis, a site operator would be lucky to get 12.5% of the parents of those 70K registered users to follow through with the proposed highest level of VPC (drivers license number, last 4 digits of a social security number, fax-back (that makes me head hurt), phone verification (now we’re edging toward a migraine) or – wait for it – Skype verification (thud! full blow migraine). None of the aforementioned types of VPC are scalable today. And until such time as we have a full-blow VPC provider with a national database of parents signed up to verify their under 13s ability to go play on a kid’s site, the high volume site operators are stuck with the 12 million dollar cost per year. I did the math, again, on how many humans it would require to deal with 17,500 parents who want to follow through with one of the above VPC methods each day – need I say any more?
“I’m not convinced 17,500 parents a day want to share their license number, social security digits, face on Skype, voice on the phone, or download, print, fill out, scan and return a piece of paper stating their child can play with monsters online. But, assuming they are somehow convinced it’s worth their time and privacy and effort, who can keep up with that many people per day? The tech implications for a site owner are scary. I didn’t even begin to do that math. And don’t get me started on the government issued national ID proposal. (too late!)
“I understand the FTC is hoping to see third party vendors create “pay-pal” type VPC systems, where parents can verify who they are and who their children are, and decide about opting in or out for this and that. And I understand there are some providers out there who can address this today or very soon. But in the meantime, I’m hoping we have a year or so of transition because we have this awkward period of knowing that no one wants to be the first on the dance floor. It will take a while for parents to understand this requirement and to comply. It’s arguable as to whether they will ever understand it, agree or comply. I hear from teachers all the time that they can’t get parents to sign permission slips for field trips. How in the world can we expect parents to take the time to verify every kid’s site registration ? Perhaps the government is counting on whining children to bring their parents into submission. That may very well work from what I see of current day parenting. On a serious note, I don’t see the VPC system catching on quickly. This potentially leaves us with fewer content-rich sites for kids. OR, an entire nation of kids pretending to be 13 and 14 during registration, which is already quite prevalent in this industry.
“I hope to make a strong case for the continuation of ‘e-mail plus’ – as I said last week, let’s not throw the baby out with the bathwater. Let’s make ‘e-mail plus’ better. There should be a sliding scale system. Something in-between eye-dentification and children clicking activation links pretending to be parents. The good news is, the COPPA revisions are proposed and not set in stone. And I believe Phyllis Marcus when she says the FTC will take all public comments into consideration and that the revisions are proposed and not final. I appreciate this about the FTC’s COPPA group. They are few but mighty and take their work seriously. I only wish the majority of parents would take their responsibilities as seriously. We likely wouldn’t have a need for COPPA (apologies, FTC!)”.
I also spoke to child safety consultant Carole Fletcher from KidsOkOnline, about her thoughts on the registration process:
“We found the only effective way to authenticate children for SuperClubsPLUS was through their schools. Teachers applied for membership. We validated the teachers by phoning their schools. Then the teachers nominated their children. It works really well for small communities but it’s expensive and not scalable for millions of kids joining networks from home. Well done COPPA for trying, but we know that very few parents will be bothered to go down the Skype/Fax route. In the long term the only answer is a one-time age registration system that creates a database that sites can ‘ping’ to authenticate a child. Until then there could be a danger that parents will encourage their kids to lie about their age, as millions already do to get into Facebook and the gaming sites.”
And finally, here isanother child safety expert, Anne Collier, talking about the changes, published in her blog, Net Family News:
“It’s one thing to keep laws in sync with tech development – that’s important. It’s another to increase regulation of tech services. I urge parents not to take calls for greater regulation of children’s tech providers reflexively as 100% good. Especially where social technology and media are concerned (technology that plays host to human communication, behavior, and creativity), regulation is a two-edged sword. While aiming to protect, it can also have a chilling effect on innovation and free speech – in this case, product development and options for children. There is no question innovation and free speech can allow for harm, but free societies protect them because they fuel individual and collective learning, creativity, and productivity for citizens of all ages. If the cost of COPPA compliance becomes too high for children’s startups and small businesses, children will have fewer options for fun and learning in digital media. This deserves careful consideration.
“In its coverage of the COPPA changes, the New York Times quotes a legal scholar as saying they won’t materially affect Internet companies because many avoid serving children under 13 anyway because of the cost of COPPA compliance even now. I’ve seen that too. So I hope wise regulators, advocates, and parents will thoughtfully seek the right balance of protection and innovation for businesses specifically serving children. Parents may also want to consider the impact on their own as well as their children’s privacy from new requirements for obtaining parental consent. They could ironically spell less privacy for parents as well as kids (i.e., more collection of parents’ personal info) in the well-intentioned pursuit of greater children’s privacy.”
What do you think? Can these proposals work? Please add a comment on this blog and we can gather some more opinions, and of course, make your views known to COPPA.
***********
To make a public comment, and please do, go to: https://ftcpublic.
References:
The proposed revisions: http://www.ftc.gov/
The FTC’s business blog (brief version): http://business.ftc.gov/blog/
Submit your comments on the proposed revisions: https://ftcpublic.
–