Isn't this unconstitutional? Probably not. COPPA is sometimes confused with the Child Online Protection Act (COPA), which prohibited online distribution of content "harmful" to minors. At least one court has held that parts of COPA violate the First Amendment. There has yet to be a constitutional challenge to COPPA.
Who must comply with COPPA? Every operator of a commercial Web site needs to comply, either by not knowingly collecting children's personal information or by adhering to the FTC's parental notice and consent requirements and usage restrictions. COPPA particularly affects any operator whose site is directed in whole or in part towards children under 13, or who knows or suspects that it collects personal information from children under 13.
What type of information collection is regulated? COPPA regulates only the collection of personally identifying information, such as a child's name, e-mail address, or phone number. It does not apply to statistical information, such as aggregate numbers of "impressions" on a Web site, unless such information is linked to information that can personally identify the user.
How do Web sites comply with COPPA? COPPA prevents Web sites from knowingly collecting children's personal information without parental consent. A site "knowingly" collects information from children any time that the information it collects from a user reveals that the user is a child under thirteen. However, the FTC has clarified that you can't avoid "knowing" that you have collected information from children merely by not asking users their ages. The FTC and state authorities will take action against a Web site that should know that the person submitting information is under 13.
Does this mean that sites for under-13 students can no longer legally offer chat rooms, ask questions of visitors, or gather information about them? No, but to comply with COPPA, the site must first
What forms of parental consent qualify? The FTC's regulations require that consent be "verifiable." Sufficient methods include having children download a form for their parents to sign and return by fax or mail to the Web site operator, or providing a trained staff to take telephone calls to verify that it is indeed a parent providing the consent.
Consent by e-mail is allowed only if additional steps are taken to ensure that the person providing the consent is the child's parent. For the consent to be valid, the parent must also be given notice of the Web site operator's policies with respect to the use of his or her child's information (possibly by calling the parent's attention to, or providing a copy of, the operator's privacy statement).
Can a school act as an intermediary between parents and operators for
purposes of granting consent? Yes. The FTC has noted that a school can
provide operators with the appropriate consent on behalf of parents. For
example, the school could obtain parental consent for each student at the
beginning of each school year for in-school Internet access. A Web site
operator is allowed to presume that consent provided by the school is based
on the school having obtained this consent from parents. Prior to seeking
a blanket permission statement at the beginning of each year, schools may
wish to consider educating parents on classroom uses of the Internet and
which educational activities require Web sites to collect personal information
from children. -Kevin J. Kuzas
TechLEARNING
is brought to you by CMP Media,
Inc.