On Oct. 20, the Federal Trade Commission finalized the Children’s Online Privacy Protection Act of 1998. As of April 21, 2000, Web sites must get parental consent before collecting, using, or disclosing personal information from children under 13 (June promo).
“It puts parents in control over the information collected from their children online, and is flexible enough to accommodate the many business practices and technological changes occurring on the Internet,” says FTC chairman Robert Pitofsky in a statement.
In response to industry comments, the FTC adopted a “sliding scale” of different consent formats, depending on how data will be used. For two years, marketers responding to kids based on personal information can use e-mail correspondence as long as they follow up to make sure it’s the parent giving consent (and not a crafty child). Marketers can confirm parents’ identity via e-mail response, phone, or postcard, the FTC suggests.
After two years, the sliding scale will be replaced by “more reliable methods” that are immediately required of more sensitive data use such as chatrooms or info shared with third parties. Those sites must get parental consent via print-and-mail forms, e-mail with a password, toll-free phone, or credit card (to verify parents’ identity).
Parents can forbid marketers to share data with other companies. Schools can give consent on behalf of parents. The rule applies only to data given online, not any submitted offline (even to an online request).
The FTC modified the rule to address some of the 145 comments it got from Internet businesses, privacy and children’s advocacy groups, and technology companies.
The Act’s full text is available at www.ftc.gov or via the FTC’s Consumer Response Center at 877-382-4357.
Network
