Report Says Kids’ Sites Fail to Cope with COPPA

Barely one year after its enactment, marketers are still not complying with the Online Privacy Protection Act (COPPA), a research group has found.

Of 162 sites examined in a study by the Annenberg Public Policy Center, one in ten did not have a privacy policy link on their home pages, and 14 had no privacy policies at all.

In addition, only 44% of the 90 children’s sites that collected personal information and had privacy policies followed the Federal Trade Commission guideline that the link’s font style should be different from that of adjacent words, according to the report released on Wednesday.

Ben Isaacson, executive director of the online trade group AIM, accepted the findings, but said they should have been released by the FTC.

“We knew compliance was going to be a long and arduous process,” Isaacson continued. “A lot of companies shifted their business models away from children because of that issue.”

The FTC rules implementing COPPA went into effect last April.

In general, the sites examined “often did not live up to the spirit and sometimes even the letter behind the rules,” wrote the author of the report, Joseph Turow, a professor with the Annenberg School for Communication at the University of Pennsylvania.

For example, the study found that even companies that had privacy policies failed to provide information required by the FTC.

To explore this issue, Turow and his assistants examined 90 sites that indicated they might collect personally identifiable information. Of 34 sites that said they shared such data with third parties, 11 failed to inform parents of their right to disallow that sharing.

“Clearly, parents reading through many of the sites would be hard-pressed to find out about all the rights that the Federal government says they should know they have,” Turow wrote.

Turow’s team also found it hard to understand many of the policies. Some “were so vague or complex, with the children’s statements so entangled with jargon, that it seems natural to question whether companies expect or even want parents to read their policies,” Turow wrote. “No parent can be expected to read policies as carefully as our coders did to learn what their rights are.”

The report also listed 17 sites that allegedly posted no privacy link on their home page. However, three of these sites posted a link on parts of the site where information was collected.

Isaacson argued that parents want the privacy statement at the point of collection of information. “People aren’t going and looking for it,” he said.

But Turow wrote that FTC wants parents “to be able to access the information quickly when they evaluate a children’s site.”

One of the 17 listed sites, Nancydrew.com, did have a privacy policy link on its home page today, stating that the firm does not collect personal information or use cookies. It was not clear when the policy was posted.

Turow commented that the operators of some of the listed sites would likely argue “that they re not ‘directed’ to children,” Turow wrote. But “the criteria we used in consultation with FTC staff members did