X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
While the Children’s Online Privacy Protection Act of 1998 was designed to rein in commercial sites that target children as buyers of goods, it has caused legal difficulties for those who provide services such as camps, schools, after-school activities and sport clubs. The providers of such services must regularly wrestle with the ways they collect prospects from their sites. COPPA generally requires commercial Internet sites to refrain from collecting personal data from children under the age of 13 without parental consent. Internet site operators have taken three mutually exclusive legal approaches to coping with COPPA: securing verified parental consent; preparing to manage a complaint; and implementing substantial compliance procedures. While users of provider sites are usually parents looking for schools, camps and so on, children also use these sites and report on their choices to their parents. Many providers incorrectly assume they are in substantial compliance with the spirit of COPPA because they subsequently contact the parents or guardians of those children from whom they have collected data. The rationale is that it would be prohibitively expensive to determine the age of a site user beforehand, so they make sure they follow-up with a parent or guardian. If such behavior is representative of a significant sector of a particular industry (such as summer camp providers) and presented to the Federal Trade Commission, a formal exemption from COPPA may be granted. However, without such a grant, the aforementioned activity is clearly unlawful. BACKGROUND COPPA is a recent development in the area of privacy law concerning personal information. While privacy in one’s private facts was part of Warren and Brandeis’ original conception of privacy — Samuel D. Warren & Louis D. Brandeis, “The Right to Privacy,” 4 Harv. L. Rev. 193 (1890) — courts subsequently found that a privacy right existed in a person’s “personal information” separable from the subject of the information. See Whalen v. Roe, 429 U.S. 589 (1977). This right has gained importance over time as computers and the Internet have enabled governments, banks, schools and other third parties to rapidly collect, store and dispense personal information. An individual’s right in his or her personal information is narrow. The right to privacy is protected in both the common law and the Constitution. However, neither gives a person significant rights in their personal information. In particular, the Constitution protects personal information against government intrusion, but this interest in “avoiding disclosure of personal matters” is narrow. Consider Whalen, where the Court declined to find that the government’s recording of personal drug prescription data desecrated the constitutional right to privacy because the information was satisfactorily protected. The privacy torts typically do not apply to misuse of personal information of a person unless the information was taken from that person directly or from a private source with whom that person confided such personal information, such as a bank. Even under such circumstances, courts are unlikely to find misuse of “nonprivate” personal information to be “highly offensive to a reasonable person” — which is the general standard for the privacy torts. Both federal and state statutes have been enacted to fill the void left by the common law and the Constitution. For example, Arizona, California, Florida, Hawaii, Illinois, Louisiana, South Carolina, Washington, among other states, have privacy provisions in their constitutions that have been applied to informational privacy. Among the most comprehensive federal laws concerning the misuse of information is the Privacy Act of 1974 (5 U.S.C. 552a (2000)). This statute primarily applies to state-issued or -collected information such as welfare benefit data and Social Security numbers. Four other federal laws give rise to an individual’s right to informational privacy. First, the Fair Credit Reporting Act, 15 U.S.C. 1601, limits the use of certain personally identifiable financial information in the credit and financial industries. It also requires credit agencies to make personal credit histories and ratings available to their owners. Second, the Computer Fraud and Abuse Act, 18 U.S.C. 1030, has criminal and civil penalties for certain computer-related intrusions into personal property. Third, the Electronic Communications Privacy Act, 18 U.S.C. 2510, protects private communications, such as e-mail, from unwarranted government and private intrusion. COPPA is the fourth. Unlike the others, COPPA is the only law to specifically target online informational privacy. THE BASICS COPPA was enacted to: augment parental participation in a child’s behavior online; look after the security of adolescents while they participate in Internet activities such as chat rooms; secure a child’s personally identifiable information collected online; and limit the collection of information from a child absent parental consent. COPPA is concerned with all information collected from individuals under the age of 13 on Web sites targeted toward individuals under the age of 13 or on general Internet sites where the operator knows that individuals under the age of 13 may visit. To protect children’s privacy, the act incorporates notice, parental consent, and limits on the use of games and prizes. COPPA addresses information privacy matters by placing restrictions on the practice of soliciting personal information from individuals under the age of 13 via the Internet. Generally, COPPA prohibits e-communication between commercial enterprises and individuals under the age of 13 unless parental consent is secured through any reasonable effort. COPPA prohibits children-focused Internet sites from requiring the disclosure of more personal information than necessary to participate on the site. The act also requires operators of these sites to establish procedures that will best protect the collected information. Certain exceptions to COPPA’s rules, known as safe harbor provisions, protect Web sites that work to protect themselves. Parental consent, for example, is not necessary when the operator collects personal information for the sole purpose of responding directly on a one-time basis to a specific request from a child and the information is not used to re-contact the child. Most important, the provisions require all Internet site operators to submit plans to the FTC for approval, which would presumably estop the FTC from proceeding against an approved Internet site operator. Each violation of COPPA may result in a fine of $11,000. COPPA also empowers courts to grant injunctive or other equitable relief. APPLICATION In Sable Communications, Inc. v. FCC, 492 U.S. 115 (1989), the Supreme Court held that parents and the government have a legal basis for protecting children. More specifically, in Meyer v. Nebraska, 262 U.S. 390 (1923), the Court held that the liberty guaranteed by the Fourteenth Amendment includes the liberty to bring up children. In addition, the economic burden on Internet providers associated with COPPA is easily outweighed by the government’s compelling interest in the protection of children. Thus, COPPA has a constitutional basis. The act simply renders it unlawful to collect personal information from a child without parental consent. The COPPA enabling statute empowers the FTC to enforce COPPA. FTC regulations expressly apply to any Web site operator, defined as any person who operates a Web site located on the Internet or an online service, and who collects or maintains personal information from or about the users or visitors to such Web site or online service, or on whose behalf such information is collected or maintained, where such Web site or online service is operated for commercial purposes — including any person offering products or services for sale through that Web site or online service — involving commerce:

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com

 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2019 ALM Media Properties, LLC. All Rights Reserved.