COPPA Turns One: FTC Settles with Three Firms Over Violations, Approves Second Safe Harbor
On April 19th, almost one year to the day that Federal Trade Commission (FTC) regulations implementing the Children's Online Privacy protection Act of 19981 (the Act or COPPA) became effective, the FTC announced its first civil penalty enforcement action under the Act as well as its approval of a second safe harbor program under COPPA.
The FTC brought a civil enforcement action against three Web sites, www.girlslife.com, www.bigmailbox.com and www.insidetheweb.com, that the FTC alleged had violated the COPPA Rule by collecting personally identifying information from children under 13 years of age without prior parental consent. Girlslife.com, geared to girls aged 9 to 14, posts content such as advice columns, contests and pen-pal programs. Girlslife.com partnered with BigMailbox.com and Looksmart.com to offer free e-mail accounts and online message boards. The FTC charged each defendant with collecting personal information (full name, home address, phone number, and email address) without posting privacy policies, collecting more personal information than was necessary to participate in the online activity, and failing to obtain parental consent prior to the collection of such personal information. In addition BigMailbox.com was charged with providing children's personal information to third parties without prior parental consent. Girlslife.com has agreed to pay a fine of $30,000; the other two Web sites have agreed to pay fines of $35,000. In addition, all three sites have agreed to delete all personal information that had been collected from children, post privacy policies in compliance with COPPA, and, for a period of five years, provide a link on their site to the FTC's kidzprivacy site as well as to provide the FTC will information insuring their compliance with COPPA.
On the same day that it announced its this settlement, the FTC also announced that the Entertainment Software Rating Board (ESRB) has been approved as a "safe harbor" program under the Act. Safe harbor programs are privately developed, self-regulatory plans that, after approval by the FTC (with a notice and public comment period) provide operators with a guaranty of compliance with COPPA if the operator adheres to the plan. ESRB is the second safe harbor program approved; the Children's Advertising Review Unit of the Council of Better Business Bureaus has already received FTC approval.
You can obtain more information regarding internet privacy guidelines in general and COPPA in particular by visiting the FTC's site at http://www.ftc.gov.