Rules protect kid Web privacy

Online: New federal regulations require Web sites to get parents' approval before gathering information about preteen users.

April 03, 2000|By Mark Harrington | Mark Harrington,newsday

Federal regulations aimed at protecting children's online privacy take effect this month, forcing Web sites that cater to kids younger than age 13 to get parental permission before they collect personal information about children who visit them online.

The sites must state in plain language what information they're gathering, and what they plan to do with it.

But the regulations -- the first Internet privacy rules overseen by a federal agency, in this case, the Federal Trade Commission -- are going into effect at a time of heightened public concern about secret poaching of personal data on the Internet. And even as regulators move to bring the industry into compliance, they acknowledge that new technologies and practices could soon stretch the limits of these new rules.

In addition to the provisions forcing privacy disclosures and parental control, the Children's Online Privacy Protection Act, which goes into effect April 21, says Web sites must state whether any data gathered on a child will be shared with advertisers. It also must provide company contacts so that parents can review what information the site might have collected on their child.

The Children's Advertising Review Unit, a trade group whose members include some of the largest advertisers to children, has been tracking ads aimed at kids in all media for 26 years. It suggested a version of the Internet rules in 1996, and that standard became the framework for the new regulations. But much has changed since 1996, experts say.

For instance, the rules make only a general reference to "cookies," the digital tags placed on a user's computer that can enable advertisers to track a child's Web visits from site to site.

Since the regulations were signed into law in October, a public firestorm has arisen over how cookies are used by Net advertising firms.

The issue developed after online ad firm DoubleClick Inc. revealed then withdrew plans to link information on surfing habits to information that could identify computer users. The children's privacy rules require that sites disclose when they link cookies with personal information without trying to restrict their use.

"Given the unspeakable pace of technological change, that implementation of the act [relating to cookies] might be revisited," said Elizabeth Lascoutx, director of the Children's Advertising Review Unit and vice president of the Council of Better Business Bureaus.

Of equal concern, experts say, is the move into wireless Internet technology. Some say technologies being developed would allow advertisers to direct messages to mobile computer users via Internet-linked cell phones or personal digital assistants based on users' locations and cell phone numbers.

In other words, software could be designed to automatically e-mail or call kids on their cell phones with an ad when they walk past a store for instance, sending along a few seconds of a new hit song along with a dollar-off digital coupon for a CD. Increasingly, children between the ages of 10 and 16 are carrying cellphones, experts say.

Andrew Shen, policy analyst for the Electronic Privacy Information Center, a Washington privacy-rights group, isn't sure the new privacy regulations could hold off such an effort.

"The question is, should we allow this to happen in any situation?" Shen asked. "If I were a parent, I'd be uncomfortable with someone else other than me knowing where my kid is all the time."

While saying that existing rules will help parents avoid abuse of their kids, Lascoutx readily acknowledges that wireless Internet and other new technology present challenges.

"Convergence is my nightmare," she explained. "I don't know how any of these things are going to be monitored, and I don't know how anybody's going to enforce monitoring."

The FTC has established a phase-in period during which the new rules will be implemented on a "sliding scale" under which "the required method of consent will vary based on how the operator uses the child's personal information."

Companies that share the information with outside marketers will be judged on a more rigid scale of compliance, the FTC says, while those whose data collection is for internal use have until April 2002 to comply unless complaints are made against them.

Last year, a study commissioned by the Children's Advertising Review Unit found that while most sites aimed at children collect data, 73 percent failed to post privacy policies. Since then, several companies with much vested in their Web operations have very publicly moved to at least meet the rules.

For instance, Walt Disney Co.'s Go Network and other Disney-owned sites, popular among children, have been in compliance with the rules, and have said they will increase their security by April 21 by insisting on proof of parental consent by requiring a credit card, said Larry Shapiro, the network's executive vice president of corporate development.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.