Everybody can agree that the privacy of children needs to be protected when they use the Internet.
Young children invite trouble by logging on, posting pictures of themselves, giving out their cellphone numbers, birthdays, home addresses and other personal information – even on websites geared to their age-group – if that data isn’t protected.
The question is, whose responsibility is it? Regulators and Web-based companies don’t agree how to do it, and their battle is being waged through the Federal Trade Commission.
Back in 1998 – eons ago in cybertime – Congress passed the Children’s Online Privacy Protection Act of 1998, or COPPA, which requires operators of websites to notify parents and obtain their verifiable consent before collecting, using or disclosing personal information about children younger than 13.
The FTC, which has the authority to issue regulations and enforce COPPA, wants to update the law to address innovations in the online world, including social media platforms and new mobile devices and the apps that go with them. The updated regulations are expected by the end of the year.
But the commission is being met with fierce pushback from Facebook, Google, Microsoft, Apple, Viacom and a host of tech industry insiders. The industry position amounts to this: Due to the amorphous nature of the Internet, the FTC proposals contain unreasonable burdens for the companies.
Consider the use of plug-in software that allows one website to offer a link to a page from another website. Simply by clicking their mouse, users can link to a video, an app, a photo or some other cyberexperience. The popular ability to “like” another site via Facebook is an example.
The problem is where does responsibility lie for COPPA compliance with so much interconnectivity? Which entity is the legal operator of the content, and is therefore responsible for adhering to guidelines restricting information gathered from children?
The FTC is attempting to stretch the responsibility when websites are aimed at children or when companies have “reason to know” they are dealing with children.
In reply, the tech firms argue that the FTC doesn’t get that website publishers operate separately from plug-in providers and the two therefore can’t be linked for accountability purposes.
A persistent problem facing Web companies is the difficulty of verifying how old a given user is. Facebook, for example, has an estimated 7.5 million users under the age of 13 and 5 million under the age of 10, according to a Consumer Reports study from 2011. Many of these kids skirted the company’s age restriction with the help of their parents.
It is fair to say that, no matter what safeguards Facebook puts in place, there will always be underage users.
The industry worries that the burden of potential liability would be chilling to the development of social media and other Web-based commerce.
Facebook warned that “changes to the COPPA rule that seem simple in theory could have unintended and profound effects in practice.” Yet it’s clear the rules need to keep up with new technology.
The FTC recently announced a $1 million civil settlement against a Web company that had operated fan pages for Justin Bieber, Rihanna, Selena Gomez and Demi Lovato. According to the FTC complaint, the firm registered more than 25,000 kids under the age of 13 as fans – without parental permission – and collected and maintained personal information from nearly 75,000 more kids who started to register but never completed the process.
Child advocates argue that this was not an isolated case.
Preteens are not some marginal demographic; they form a massive market for all manner of consumer products.
And we should not assume that incursions into kids’ privacy are merely accidental.
Protecting children’s privacy – to say nothing of that of adults – from the mighty information-gathering powers of Internet marketers is no simple matter, especially for the marketers who wish to comply with regulations. However, that is no excuse for not doing it.
The back and forth of the FTC’s extended comment period for the new regulations is all for the good. Ultimately, though, the industry needs to understand that the Web should not be an autonomous, self-regulating realm.
Corporations are working hard to influence how people – including children – use cyberspace, and – let’s not kid ourselves – their objective is to make massive profits.
Web enterprises are doing a good job figuring out new ways to make money.
Now they need to focus some of their brainpower on how to do that while responsibly protecting children’s privacy.