Marketing to Minors – Even When You Don’t Mean To Part 2

We have been focusing on the legal pitfalls you may face when you market to minors.  If you are doing any business online, then you are marketing to minors even if you don’t mean to.  Our last post introduced the topic and provided an example of the law’s protection of minors by not recognizing a minor’s ability to provide the necessary consent to enter into a contract.  Today, we focus on the main statute that impacts marketing to minors, the Children’s Online Privacy Protection Act.

Virtual compliance with COPPA is not enough

You also need to be careful when simply marketing to children.  The most direct statute is the Children Online Privacy Protection Act.  It applies certain rules to the online collection of personal information from children under 13, including specific disclosures needed in privacy policies, methods to obtain verifiable parental consent and the rules regarding the protection of children online.  The act is one of the reasons Facebook prohibits children under 13 from having profiles. 

COPPA also applies to general websites that have actual knowledge of the collection of personal information from children.  The Federal Trade Commission has set forth numerous guidelines to help you determine whether a website is directed to children or whether you should have actual knowledge of a youngster’s use.  They are available at http://www.ftc.gov/privacy/coppafaqs.shtm.

Playdom, Inc.’s woes provide a textbook example of what not to do.  In May, it received the biggest settlement fine under COPPA to date, $3 million, from the FTC.  Playdom operates over 20 virtual online worlds.  The FTC claimed Playdom collected and disclosed personal information from hundreds of thousands of children under 13 without their parents’ consent.

Most of Playdom’s games were targeted for general audiences, but they did attract children.  One of the worlds, named Pony Stars, specifically targeted children.  The sites’ privacy policies claimed Playdom would prevent children from posting personal information on their sites.  After the FTC began investigating, Playdom terminated most of the virtual worlds although some of them lived on through non-U.S. operators before they were shut down as well. 

Notwithstanding the privacy policy, the sites allowed children to post their names, email addresses, instant messenger screen names, and locations on online profile pages and forums.   Playdom asked for ages and email addresses from users.  For those under 13, Playdom also asked for an email address.  The parents would receive a “welcome” email, but the under-aged users could access the entire site and leave whatever personal information they wanted on their profiles without the parent’s reviewing or agreeing to it.  As a result, children were really treated no differently than adults. 

The good news is the FTC laid out some guidelines that would show good COPPA compliance procedures.   If you believe you are collecting personal information from those under 13 (whether they admit it or not) you should:

•Tell parents exactly what inform you collect from children and how the information is used or disclosed.

•Obtain verifiable consent from parents prior to any data collection.

•Invoke a mechanism that allows parents to review the specific personal information collected and provides parents an opportunity to refuse the further use of the data.

•Only collect what is reasonably necessary to provide the service to the child.

•Take reasonable steps to protect the confidentiality, security, and integrity of the children’s personal information.

•Include a link to the FTC’s website to provide tips on protecting children’s privacy online: www.OnGuardOnline.gov.