Fines of up to $11,000 per incident could punish commercial children’s web sites if they collect personal information on kids under 13 without parental consent. The sanction was set forth in the rules proposed by the Federal Trade Commission (FTC) on April 20 to implement the Children’s Online Privacy Protection Act (COPPA), enacted last October.

Interested parties have until June 11 to comment on the proposed rules, which could go into effect as early as next fall.

Web site operators typically collect personal information from children when youngsters access chat rooms, send and receive eMail, use message boards, or participate in surveys or contests, a 1998 FTC study found.

The FTC recommended COPPA after conducting a survey of 212 commercial children’s web sites. The survey found that 89 percent of sites collected personal information from children, but only 24 percent posted privacy policies–and just one percent required parental consent before collecting or disclosing children’s information.

“Protecting kids who surf the internet has been a top priority of the commission’s online privacy initiative,” said Robert Pitofsky, who chairs the FTC. “The proposed rule aims to achieve that goal by putting parents in control of personal information that is collected from their children on the web.”

The FTC’s rule would require web site operators to make reasonable efforts to obtain consent from parents before asking children under 13 for their names, addresses, eMail addresses, telephone numbers, or other identifying details. Operators also would have to post on their sites disclosure statements regarding how the information will be used.

Parental consent would not be required when a site operator collects a child’s eMail address “to respond directly to a specific request of the child,” however.

A hot potato

It’s unclear from the FTC’s proposed rules exactly how web site operators are supposed to obtain consent from parents. For now, the agency hasn’t committed to any specific methods, but instead is inviting public comments “on the feasibility, benefits, and costs of several methods.”

Under the proposal, permission would have to be “verifiable,” so children can’t fake their way through the barrier. To child advocates, that would rule out plain eMail as a method of verification, because a parent’s account can be tapped too easily by an enterprising child.

“We want the FTC to implement effective rules that don’t create huge loopholes,” said Katharina Kopp, a policy expert at the Center for Media Education, which lobbied for COPPA.

The FTC agreed and is likely to consider eMail only if it finds there is a feasible consumer application of digital signature or other eMail-based technology that can “ensure that the person providing the consent is the child’s parent.”

Other options could include mailed or faxed consent forms, credit card verification, or toll-free phone verification, the agency said.

But some site operators fear that if the FTC requires only off-line methods of granting permission, such as fax or traditional mail, the law would have the unintended effect of repressing the immediacy of the internet as a medium.

“I think we are gearing up for a battle that is going to have to be resolved, looking at what ultimately is the most practical method and what will not unduly hinder electronic commerce and development of the internet,” John P. Feldman, a Washington lawyer who represents a number of commercial web sites, told the New York Times.

The FTC “seemed to anticipate that this would be a hot potato,” said Jason Catlett of Junkbusters Corp., a N.J.-based privacy group. “Rather than put up something that would be shot down from all sides, they’ll let the commentators fight it out and take what they see as a satisfactory compromise.”

Many children’s sites have begun to require parental consent in anticipation of the FTC’s proposed rules–though some sites, such as Disney’s Buena Vista Internet Group, currently obtain consent through eMail.

The law is likely to force some commercial sites geared toward student use at home or at school to change the way they do business.

One solution might be for sites to register students under a teacher’s name instead of the children’s. Headbone Interactive, a Seattle-based company that offers a monthly interactive web contest called “Headbone Derby,” for instance, now requires parental consent for students who register from home, but it asks teachers to register their classes for school use.

The FTC is accepting comments on its proposed rules via eMail: KidsRule

Federal Trade Commission

Center for Media Education

Junkbusters Corp.

Headbone Interactive