Microsoft Corp. has agreed to make changes to its Kids Passport service, an online system that seeks to obtain parental consent before allowing web sites to collect and disclose the names, addresses, and online identities of children. The software giant’s decision came after one watchdog agency’s report claimed the company misrepresented itself to parents. eSchool News first broke the story in August 2001.

The Children’s Advertising Review Unit (CARU), a division of the Better Business Bureau that monitors certain web sites for compliance under its own regulatory guidelines and those imposed by the Children’s Online Privacy Protection Act (COPPA), said Microsoft should make the changes to better inform parents about the consequences and limitations of using Kids Passport.

An extension of Microsoft’s .NET (“dot-net”) Passport program, Kids Passport is a vehicle for children under 13 to obtain parental consent easily before registering on more than 300 participating web sites, some of which independently collect and disclose personally identifiable information—including eMail addresses, first and last names, mailing addresses, and birth dates.

Microsoft said it developed .NET Passport as a medium for participating sites to exchange personal information, thus allowing visitors to create single user profiles, which would let them log on to any number of sites without having to constantly repeat the registration process.

By extension, Kids Passport allows parents to give their consent just once, and this consent would enable children to log on to all participating sites. Microsoft promotes the service as a way for parents and children’s web site operators to ease the administrative burden of complying with COPPA, which requires parents to give their consent before a web site can collect personally identifiable information from their children.

But according to CARU, Microsoft’s Kids Passport service also gave parents the false impression that it would better protect kids’ privacy online.

For instance, the organization’s critique said Kids Passport was misleading because its advertising content implied that kids who participated in the program would be granted access only to those sites designed specifically with children in mind. CARU, however, said that was not the case.

At the time of its inquiry, CARU found that “none of the 12 sites that were then Kids Passport-participating sites … was designed specifically for children.” According to the report, all of the sites—which the company touted as child-oriented—in fact were general-interest sites. These sites included mainly names from the Microsoft family of online services, including MSN Calendar, MSN Chat, and the company’s free Hotmail eMail service.

Offering children access to such widely used services made it impossible for Microsoft to ensure that children were not revealing the types of personally identifiable information that its Kids Passport had vowed to protect, thus allowing people—possibly predators—to initiate online or offline contact with children. This possibility was not accurately disclosed to parents, CARU said.

Also, the organization complained that the privacy statements of several participating sites, which COPPA requires, either did not exist or were difficult to understand.

In response to CARU’s report, Microsoft has agreed to several major revisions.

First, Microsoft no longer will claim that its product helps protect or control online privacy. The company also has agreed to clear up language concerning the types of sites that are available through the program. Microsoft no longer will tout participating sites as specifically child-oriented and will include some mention of general-interest content.

Microsoft also said it will provide two separate privacy policies, one for its .NET Passport service and one for Kids Passport. The latter will explain that Microsoft does not monitor the privacy policies of participating sites, but merely provides a single location where parents can grant or deny consent for participating sites that collect sensitive information from children.

The changes are expected to be fully implemented by September.

Related links:
Kids Passport
http://kids.passport.com

Children’s Advertising Review Unit
http://www.caru.org