Sending a clear message that it intends to enforce a law aimed at protecting children’s privacy online, the Federal Trade Commission (FTC) has fined one toy manufacturer because it failed to verify that children had their parents’ permission before submitting their ages, names, and addresses to the company’s web site.
The Ohio Art Co., which makes Etch-A-Sketch, settled the fine by paying $35,000 and agreeing to discard all personal information improperly collected from children over the past two years, the FTC said April 22.
The agency also sent warning letters for less severe violations to operators of 50 children’s sites that were not in compliance with the Children’s Online Privacy Protection Act (COPPA). The FTC learned of the violations from a survey of 144 web sites completed last year.
The law requires commercial web sites to carry privacy-policy statements, get “verifiable parental consent” before soliciting information from children, and provide an opportunity for parents to delete information collected from their children.
The FTC also permits teachers to act on behalf of the parent in giving consent, provided the school’s policy allows students to give out personal information.
Ohio Art’s online “Etch-A-Sketch Birthday Club” collected names, ages, and addresses of 2,500 children who visited the web site since April 2000, said a complaint filed April 19 in U.S. District Court in Toledo.
The site instructed young visitors to “get your parent or guardian’s permission first” but had no way to verify that they did, the complaint said.
Ohio Art said it was correcting the problem and that the information was kept within the company.
“The Ohio Art Co. recognizes its obligation to its customers, community, and online visitors to adhere to the highest standards of decency, fairness, and integrity in all its operations,” a statement released by the company said.
“I think what’s going on is that some sites don’t understand the rules, and some just don’t care and think they aren’t going to get caught. It’s nice to see the FTC put some heat on,” said Joe Turow, author and Robert Lewis Shayon Professor of Communication at the University of Pennsylvania’s Annenberg School for Communication.
Last April, Turow released a study entitled “Privacy Policies on Children’s Web Sites: Do They Play By the Rules?” The study found almost half of the 162 children’s web sites researchers reviewed didn’t comply with COPPA.
Kathryn Montgomery, president and co-founder of the Center for Media Education, said enforcing COPPA will require constant monitoring by the FTC.
“It’s very, very important that the FTC follow through with these actions,” Montgomery said. “If the FTC didn’t take action, the industry would do whatever it wanted.”
The agency’s actions coincided with a Senate effort to limit what businesses can do with information they collect online from their adult customers, too.
The proposed Online Personal Privacy Act, introduced by Sen. Ernest Hollings, D-S.C., who chairs the Senate Commerce Committee, would require businesses to tell visitors to their web sites what information is being gathered on them and how it will be used.
Online businesses would then have to get consumers’ permission before sharing with third parties sensitive information such as bank accounts, medical information, and political or religious affiliation.
The bill would allow less sensitive data, such as addresses, records of items purchased, user preferences, and web browsing histories, to be distributed unless the customer took the initiative to forbid it.
Internet companies have assailed the bill, arguing that the marketplace is a better regulator of privacy. Consumer advocates, meanwhile, would prefer a bill that requires customers’ consent before any kind of information could be distributed.
Ohio Art Co.
Federal Trade Commission’s Kidz Privacy web site
Center for Media Education
Sen. Ernest Hollings, D-S.C.