Imagine your daughter walking into a toy store all by herself. Before she’s allowed to look around, a clerk pesters her to announce her name, address, phone number and birthdate—and perhaps even more information. As she wanders around the store, the clerk follows her and takes notes on everything that she does. The store then not only tries to use that information for itself, but also shares the information with other stores. When your daughter leaves the store, the clerk follows her to where she goes next and tells people her previous location. Even when the girl is at home or at a park, the clerk spies on her, writing what she’s doing and where she is. All of this information then is stored in a filing cabinet that has a flimsy lock to protect it. As her parent, you have no clue that all of this information is being collected about your child.
Although that won’t happen in a store, it’s essentially what can happen when your child goes online.
To try to restrict the access that websites, mobile applications and online advertisers can have to your child, Federal Trade Commission now enforces an updated and strengthened version of the Children’s Online Privacy Protection Act, which Congress passed in 1998.
The child privacy law requires “verifiable parental consent” before a commercial website that’s “directed to children” may collect personal information from children who are younger than 13 years old. The requirement extends to general-interest websites if the websites have “actual knowledge” that the user is under 13. As of July 1, 2013, that directive covers technology that wasn’t available before the start of the 21st century. In other words, in addition to websites, developers of apps and plug-ins, which add features to apps, programs and websites, as well as third-party advertising networks now also are subject to the rules about collecting personal information from children who are under 13. “Personal information” also has been redefined to include geolocation data, as well as audio, images and video files.
Concerns Go Beyond Privacy
That might sound reassuring to parents who have children who log on to the Internet, but you should know that websites have ways around the child privacy law. If a general-interest website doesn’t ask users to specify their date of birth, then it likely doesn’t have that all-important “actual knowledge” of the child’s age. Without the actual knowledge, nothing is in place to prevent children from providing personal information that can be maintained by the website, or, as in the case of social-networking websites, shared with friends or even third parties. Moreover, after a website that’s “directed to children” gets verifiable parental consent, it can collect pretty much anything that it wants from users who are under 13.
Unfortunately, the child privacy law also produces unintended negative consequences. These include making it more difficult for smaller companies to provide child-directed services and preventing other companies from opening their doors to children, even when parents want them to use the website.
TANGLED WEB. On the surface, it seems as though it should be easy for websites to comply with the child privacy law, so parents can decide what’s best for their children, but it actually is a hassle for the websites and, thus, for consumers. If a website wants to obtain your consent, it must provide you with a consent form to be signed and returned via fax, scan or mail. Alternatively, you can call a toll-free telephone number that’s operated by trained personnel from the website, or the website can check your government-issued identification against a database that contains the information that’s on the ID. If a financial transaction is involved, however, consent can be obtained simply by getting your credit-card information. Ironically, to ensure that your child’s privacy is protected, you have to turn over personal information about yourself and your child as a result.