The Privacy Lawyer: Kids' Online Privacy - InformationWeek
01:40 PM

The Privacy Lawyer: Kids' Online Privacy

What you don't know about children's privacy regulations and your online information collection practices can hurt you, says Parry Aftab.

Set Clear Collection Practices
If you run a commercial entity with a general-audience Web site, you need to debrief all involved on their collection practices. Even if COPPA doesn't apply to the site, you may still run afoul of the consumer-protection laws if your privacy policy doesn't accurately and completely disclose what personal information you collect from Web-site visitors and what you do with that information.

It's interesting to note that the law in the United States doesn't require that most sites have a privacy policy at all. Yet, those who voluntarily post one face liability for any misrepresentations or inaccuracies. So while it is certainly best practices and responsible consumer protection to post one, you may find yourself facing greater legal liability than if you don't post one at all. (All children's sites, under COPPA, are one of those exceptions and are required to have accurate privacy policies posted throughout the site.)

If you collect a Web-site visitor's age or grade or similar information online (offline collection has different rules), you may have actual knowledge that you're collecting personal information from a "child" and need to comply with the full panoply of COPPA regulations. Even if you don't overtly request that information, you may still be found to have that knowledge if you have monitored chat rooms or discussion boards at which a user may disclose that information. If the site collects any personally identifiable information from its users or provides any means of public disclosure of such information (such as through an E-mail service, chat room, discussion boards, or instant-messenger service), and the site is alerted that a particular user is a statutory "child," then the site must comply with COPPA.

Think you're off the hook, since you're simply an Internet advertiser? Think again! Banner advertisers and network advertising companies are covered by COPPA and its regulations if they advertise at children's sites and collect personal information from children who click through from such sites. They're also covered if they have ownership or control over such information collected directly at the children's sites. Database-management companies have special treatment under the law, but are covered by COPPA and its broad reach as well. Advertisers at general-audience sites may also be covered by COPPA if they collect personal information from people who click through, and that information discloses that the visitor is a child.

Consider What Info You Collect
Many companies are collecting data from their Web-site visitors without knowing why they're collecting it or if they're using it properly. Unless companies are under investigation or have heard of another company under investigation, their legal departments rarely communicate with Web masters. It's a good idea to check and see what you're collecting and how, as part of a regular internal audit. Think carefully about why you're collecting certain information and whether you're really using it. Collecting and storing data when insecure practices subject you to serious legal liability and even more dire public relations, especially when you aren't using it, is costly. Think before you collect. And think again before you store it for any length of time. And make sure the lawyers, the marketing people, the PR crew, and the business and IT group are involved in this decision. Human resources should be included as well, especially if it involves any employee-interfaced collection practices.

Few lawyers, even among experienced cyberspace law practitioners, understand the children's Internet industry and the regulations and safety concerns that apply to it. But the failure to understand what information can be collected from children, how it can be used, and what needs to be accurately disclosed to parents, has cost many companies dearly. With this tough child-protection law on the books, all commercial Web sites must be vigilant in ensuring that the rights of parents to notice and consent are honored. If companies ignore parents' concerns regarding privacy and advertising, they will have to face tough enforcement of government regulations aimed at U.S. advertisers' marketing to children online and child protection, and the even tougher scrutiny of disgruntled parents.

To discuss this column with other readers, please visit the Talk Shop.

To find out more about Parry Aftab, please visit her page on the Listening Post.

Continue to sidebars: COPPA Checklist and COPPA Came About

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll