Some privacy and consumer advocates allege that a new Microsoft service, which is intended to help parents control the information their children give out online, actually is misleading and fails to comply with a federal law aimed at protecting children’s online privacy. They have asked the Federal Trade Commission (FTC) to investigate.

Microsoft denies the allegations and says the groups’ complaints amount to nit-picking. The Electronic Privacy Information Center, along with the Center for Media Education and 11 other organizations, filed supplemental materials in support of a pending complaint with the FTC Aug. 15.

The law in question is the Children’s Online Privacy Protection Act (COPPA). It prohibits unfair or deceptive marketing practices and requires web sites aimed at kids to display prominently a detailed and easy-to-read privacy policy.

COPPA also requires web sites to obtain “verifiable parental consent” before collecting, using, or disclosing any personal information, such as names or addresses, from children under 13.

Kids Passport is a version of Microsoft’s Passport technology, an online service that lets users create a single profile–including user name, password, and other information–that can be used on all participating web sites. The service’s goal is to make web-surfing and internet shopping easy for consumers.

According to the Microsoft Passport web site, “Kids Passport helps protect and control online privacy for children by obtaining parental consent to collect or disclose a child’s personal information” from one convenient, centralized location.

Parents can use Kids Passport as a tool to let participating web sites collect or disclose personally identifying information about their children.

When a child tries to sign on to a web site that requires personally identifying information, the child can ask a parent or guardian for permission by sending an electronic request through Kids Passport. The parent or guardian reviews the request and can grant a specific level of consent or can deny consent altogether.

Microsoft’s Kids Passport appears to meet most of COPPA’s requirements, but privacy advocates are concerned it doesn’t meet them all.

“Microsoft is promoting its Kids Passport to parents as a service that will protect their kids’ privacy, when in fact it doesn’t appear to comply with the law,” said Gabriela Schneider, senior policy analyst at the Center for Media Education. “It’s misleading to parents.”

The Kids Passport privacy policy says, “It is important for you to read the Privacy Statement and Terms of Use for each web site you are consenting for your child to visit and use.”

But under COPPA, Schneider said, “there should be one [privacy] policy that outlines all of the details” if there is a single consent form for parents.

With Kids Passport, parents need to read the individual privacy policy of each web site their kids visit. The Microsoft service “puts the burden on parents to see if the web sites have changed their policy,” Schneider said.

A Microsoft representative told eSchool News, “Kids Passport is only a mechanism to help parents with parental control. Should Kids Passport be the one to govern the privacy policies of all these sites? Microsoft never positioned it to be that.”

Microsoft Passport is not mandatory for users, but it is one of the foundation services of the Microsoft .NET initiative, which aims to offer personalized experiences to users any time, anywhere, from any device.


Center for Media Education

Microsoft Kids Passport