X

New guidelines on child privacy

Industry group TRUSTe is creating a new child privacy program that it hopes will address issues raised by the FTC and the so-called Bryan bill.

3 min read
Industry group TRUSTe is creating a new child privacy program that it hopes will address issues raised by the Federal Trade Commission and the so-called Bryan bill now pending in Congress.

The FTC has reviewed TRUSTe's child privacy guidelines, which generally bar Web sites from collecting personal information from children under 13 without verifiable parental permission. They also require child-oriented Web sites to state clearly and prominently what information is being collected and how it is shared.

"We want to help these sites catering to kids implement the bill," said Susan Scott, TRUSTe executive director. "We have created a unique children's seals, and to get that seal, sites need to comply with all the FTC requirements to create and implement privacy statements."

Authored by Sen. Richard Bryan (D-Nevada), the Children's Online Privacy Protection Act was tacked on to the Internet Tax Freedom Act. The provision requires parental consent before Internet sites can collect information online from children age 12 and under.

TRUSTe backs the Bryan bill but is concerned that is currently tied to Internet censorship legislation.

One major children's site, Yahooligans plans to post TRUSTe's new child privacy seal because it says its practices comply with TRUSTe's guidelines. TRUSTe is talking to another major children's site, Disney about joining the program too.

"Our privacy practices are in compliance with keeping a safe environment on the Web," said Rob McHugh, senior producer for Yahooligans, which has updated its privacy statement but not changed its practices to obtain the children's privacy seal. Yahooligans collects first names, age, gender, and home state, but no individually identifiable information, such email or physical address.

"The practices are in effect right now for any new applicants [for TRUSTe's logo] for sites directed at kids under 13," Scott said.

TRUSTe hopes its guidelines will become a "safe harbor" for child-oriented sites. That means the FTC would accept a site's use of the TRUSTe child privacy mark as evidence the site is following the law, with TRUSTe essentially becoming an enforcement arm.

The FTC still must promulgate regulations on child privacy, and TRUSTe expects to alter its guidelines based on the federal agency's final rules, which may not be completed for a year. Scott expects no major changes.

The Bryan bill would be the first online privacy legislation to pass, giving the FTC authority it previously felt it didn't have to enforce privacy rules.

Scott predicts that requiring parental permission before collecting personal data on children will reduce the amount of information sites request.

"The cost of business has gone up because of the verification [that parents approve]," she said. "Sites will need to look at their business models to see if they need that personal information."

Scott praised Bryan for taking industry concerns into account by altering the initial legislation, for example, to apply specifically to commercial sites--not nonprofits--and by limiting the parental permission requirement to children 12 years and under, not ages 13 to 19.

The Net Tax Freedom Act is still in limbo today as Congress's session comes down to the wire. The Senate passed the three-year moratorium on new Net taxes, but if the House doesn't push it through as is then Congress will likely run out of time to pass the legislation.

There is speculation, however, that the tax moratorium will be attached to omnibus spending legislation that could be passed by midnight tomorrow before both houses adjourn. If the bill is passed, the child privacy protections also will be ushered into law.

But the Net tax bill also contains a controversial provision by Sen. Dan Coats (R-Indiana) that exempts commercial sites from the tax break if they give minors unfettered access to "harmful" material.

Specifically, TRUSTe's Children's Seal Program requires that licensees not:

  • Collect information from a child under 13 without parental consent or direct parental notification of the nature and intended use of the data. Parents should be able to prevent use of the information.

  • Collect personally identifiable offline contact information from children under 13 without parental consent.

  • Distribute to third parties any personal data collected from a child under 13 without parental consent.

  • Allow children under 13 to publicly post or otherwise distribute personal information without parental consent. Sites must try to prohibit children from posting any contact information.

  • Use a games or prizes to entice a child under 13 to divulge more information than is needed.