Martin is a consumer, and he doesn't mind giving up a little to get a lot. "One [site] wanted to know my email address so they could email me stuff about a band, Offspring. Yah, now they email me," he recalled.
To him, the exchange is no big deal. But regulators and privacy advocates view the situation with grave concern, believing that Web sites should never solicit personal details or contact information from surfers like Martin.
That's because he is only 12 years old.
The Federal Trade Commission is knee-deep in a rule-making process to implement the Children's Online Privacy Protection Act passed by Congress last October to require commercial Net sites to get mom or dad's permission before soliciting personally identifiable information from preteens--and to possibly get retroactive approval for previously collected data.
The FTC public comment period closed last Friday, and the agency is planning to hold a workshop next month to determine the best ways to get parental consent. By next April, the rules will go into effect.
Public reaction has been mixed. Some children's sites and trade groups, including the Association of Educational Publishers, complain that the law will be too cumbersome. Others, such as the National Association of Elementary School Principals and Center for Media Education, are strong supporters of written consent from parents.
"The proposed regulations are too complex and restrictive and would unduly burden the development of the Internet," the National Retail Federation commented to the FTC. "At a minimum, it should be shifted to a notice and opportunity to opt out, rather than an active consent requirement, which is consistent with other credit laws and imposes a lesser burden, while still providing protection."
Even those who tend to know what's best for children--their parents--have conflicting views.
"There is so much information already in the public domain, and it's not as though Martin can buy anything with a credit card," said John Sterlicchi, Martin's father. "Would they have to get my permission for contests in a magazine, which have been going on for 50 years? This is complete overkill."
Joyce Patterson, who filed comments to the FTC, wants sites regulated because she wants help enforcing her own strict Net usage rules for her children, aged 9, 11, and 12.
"Quite often there are contests to enter on the sites they visit, which of course they enter, and they ask a lot of personal questions on the entry forms," Patterson said. "I try to be present when my children are on the Web, but I can't always be there."
The most popular sites on the Net usually have privacy policies explaining what type of information they collect and how they plan to use it. However, the recourse for violating these voluntary principles usually involves losing an industry privacy seal or, at the worst, being turned over to the FTC, which is rare.
Sites don't always post policies, however. Although the numbers have likely improved, in June of last year the FTC released a study showing that 89 percent of children's sites surveyed collected personal details from youngsters, but just over half provide some disclosure of their practices.
Only 23 percent of the sites advised children to get permission before giving up their name, address, and other unique details, while a meager 7 percent promised to notify parents of data collection practices.
John Newman, president of PrivacyBot, a product in development to generate privacy policies for Web sites, has children aged 13, 11, and 6. He says Congress addressed a legitimate problem when it passed the children's online privacy law.
Although he doesn't even let his youngest son go online, and the others are restricted from chat rooms, Newman still is worried his children will say too much about themselves when they're on the Net.
"As a parent you lecture your kids not to talk to strangers online or at the bus stop. They say, 'yeah, yeah, yeah,' but studies have been done and kids still talk to strangers even after being told not to," he said. "When it comes down to it, kids can't understand that their privacy is at risk."
Child advocates, for one, want the FTC to require companies to get written permission on paper before collecting data from children younger than 12. "We need stronger verifiable consent than you can get with email," said Deborah Roth, a spokeswoman for the Center for Media Education.
But others question whether making parents sign a permission slip is the best solution.
"My son forged notes in high school--forging email is not going to be any different," said Parry Aftab, an attorney who wrote The Parents' Guide to Protecting Children in Cyberspace. It would be better to set up a system in which schools became digital certificate authorities, verifying digital signatures that prove a person's identity, she said.
"The school could certify a parent and child's identity, and the Net industry could support this program. The signature will include preclearance on what information a site could take from a child, what the child couldn't share, and how to contact the parents," Aftab explained. "Then parents can decide what their child can give up, and the companies can still try to get to know their audience."
Overall, children's sites that don't collect a lot of data aren't worried about the impact of the law.
"We're not going to market to kids, we're going to market to parents," said Julie Finlay, online editorial manager at American Girl, which only collects visitors' first names, ages, and home states when girls participate in polls or advice columns.
"Our ultimate audiences is a 10-year-old girl, and we have to respect that her life is controlled by someone else: her parents," she said.
And that is exactly what privacy advocates want: for sites to simply stop asking children about themselves.
"Marketers have no business tracking information from small children--a child has no sense of privacy and doesn't know the risks," said Jason Catlett, founder of Junkbusters, which promotes privacy protections. "They shouldn't do it. Period."