Coping With COPPA

Kids’ marketers adjust to demands of the Children’s Online Privacy Protection Act

AT LEAST SINCE APRIL, when the law became effective, Web sites that cater to kids have been working to comply with COPPA (the Children’s Online Privacy Protection Act). For some, that’s meant instituting expensive procedures for obtaining parental consent to allow kids to use the site. For others, it’s meant more drastic measures.

For example, in April, eCrush.com withstood a barrage of complaints from children under 13 (COPPA’s cutoff age) when the dating site decided to limit participation to teenagers and adults, rather than eat the costs of getting parents’ permission.

Another company, Zeeks.com, tried to make a go of the registration process, but recently announced that it was pulling its e-mail and chat services rather than spend the estimated $200,000 needed annually to comply with the regulation.

COPPA uses a “sliding scale” for parental consent: The required method of consent becomes more rigorous as the Web site uses the personal data in a way that exposes kids to more danger. Sites that don’t share the information with third parties need only get e-mail permission from parents, for which they must try to do a follow-up verification. If sharing it, they must get a “verifiable consent” in the form of a letter, fax, phone call or credit card number. Each violation could bring a fine of $11,000.

These rules also apply to sites that allow kids to interact with each other – such as through e-mail, via instant messages, in chat rooms or on bulletin boards – where they might reveal identifying information about themselves. (There are certain exceptions. For example, an e-mail address can be taken for a one-time contest as long as the address is later deleted.)

Compliance can be expensive – and a hassle. “Some sites have expressed frustration that too much work and money is spent on hiring people who wait for the phone to ring so you can get parental consent – it’s almost tedious,” says Judy Chien, director of business development for COPPACamp.com, a company in Vancouver, British Columbia that’s just started offering an e-certificate service for registering parental consent.

Because many Web companies still seem to be confused about COPPA’s requirements, the Federal Trade Commission, which oversees the law, recently held an educational workshop and has another one planned for the West Coast.

Some firms got a jump on compliance. Since May 1999, Yahoo!’s Yahooligans! kids’ site has required a “Yahoo! family account,” backed by a credit card number, for anyone under 13 to register.

Disney.com has taken a similar approach. Michelle Bergman, director of communications for the Walt Disney Interactive Group, says the company started requiring such family accounts with credit card numbers in April this year for children to use any external communications features, such as e-mail.

Bergman says Disney has taken “painstaking efforts to educate our user base” about the policy change, and why families need to provide a credit card number when they aren’t buying anything.

What about kids who lie about their age? “Unfortunately, we have no way to know that,” says Yahoo! privacy manager Anne Toth. “At the end of the day, parents and children need to be working together to responsibly use the Internet.”

Some sites go beyond what the regulation requires and have, for example, chat room monitors. “We have 35 part-time staff members inside chat rooms keeping kids safe,” says Jessica Halem, marketing manager of FreeZone.com. “If you’re working with kids, you don’t want anything bad to happen on your watch.”

Halem says FreeZone spends nearly $97,000 to comply with the law’s consent requirements, though it’s had those procedures in place since it launched in 1995.

Not every company is willing to fork over that money. On Sept. 15, Zeeks.com shut down its e-mail and live chat services after several months of offering parental registration. The site now has a bulletin board, for which messages are checked before they’re posted (according to the FTC, that procedure does not have the consent requirement).

“They can carry on a conversation but it’s not live,” says CEO Steven Bryan. “The difference is it’s not what the kids want to do. It’s not the same as a chat room.”

Zeeks.com had two levels of registration. Bryan says that before COPPA went into effect, he had 1,000 kids a day signing up for the higher level, to use chat and e-mail. Now only 100 do.

“I think we’re creating a non-interactive kids network on the Internet,” Bryan says. “We’re dumbing down kids in the sense that we’re saying kids interacting is a bad thing. To a certain extent that can be true. But we want parents to take an active role in monitoring their kids’ Internet use. Instead, the industry has been forced to become the parent.”