Docstoc

CYBERLAW

Document Sample
CYBERLAW Powered By Docstoc
					     CYBERLAW



 Cyberlaw Meets Family Law:
 The Children’s Online Privacy
Protection Act of 1998 (COPPA)
    Class of Nov. 11, 2002
   Professor Susanna Fischer
        COPPA, COPA, CIPA
• What’s the difference?
• COPPA is a very significant statute because
  it is the first and only federal privacy statute
  that is specific to the Internet.
   WHAT IS COPPA’S MAIN
          GOAL?
• The primary goal of COPPA as well as the
  COPPA Rule is to place parents in control
  over what information is collected from
  their children online. The Rule was
  designed to be strong, yet flexible, to
  protect children while recognizing the
  dynamic nature of the Internet.
Who Must Comply With COPPA
            ?
• Operators of commercial websites
• 1. Directed to children 12 and under that
  collect/maintain personal information
• 2. That have actual knowledge that are
  collecting/maintaining personal information
  about children 12 and under
    What is “Personal Information”
•   Last name? First name?
•   Address?
•   E-mail address? Phone number?
•   Social security number?
•   Hobbies?
•   IP address?
•   Information Stored in Cookies?
 WHAT DOES COPPA REQUIRE
  SUCH OPERATORS TO DO?
• Provide parents with NOTICE of their
  information practices
• Obtain PRIOR VERIFIABLE PARENTAL
  CONSENT for the collection, use and/or
  disclosure of personal information from children
  (with certain limited exceptions)
• Provide a parent, on request, with the MEANS
  TO REVIEW personal information collected
  from his/her child.
 WHAT DOES COPPA REQUIRE
  SUCH OPERATORS TO DO?
• Provide a parent with the OPPORTUNITY TO
  PREVENT further use of personal information
  collected from their child (or further collection)
• Limit collection of personal information for
  child’s online participation in games, prize offers,
  or other activities to information that is
  REASONABLY NECESSARY for such activity.
• Establish and maintain REASONABLE
  PROCEDURES to protect the confidentiality,
  security, and integrity of the personal information
  collected.
       PARENTAL CONSENT
• FTC tried to devise a method that would satisfy 2
  goals: (1) ensure child’s parent actually agrees to
  let a website collect personal info from his/her
  child (2) do so without undue burden
• Reasonable efforts must be made to obtain
  verifiable parental consent, taking into
  consideration available technology, including:
  consent form to be signed by parent and returned
  by mail or fax, toll-free phone number for parent
  to call, digital certificate using public key
  encryption technology, e-mail accompanied by
  PIN, password
          SLIDING SCALE
• For internal use of information, parental
  consent can be obtained through e-mail
  combined with additional step following
  receipt (confirmatory e-mail, letter or
  phone call)
• Sliding scale in force until April, 2005
     DOES COPPA WORK?
• FTC Survey April 2002 of 144 sites at:
  http://www.ftc.gov/os/2002/04/coppasurvey
  .pdf
• Earlier study: Joseph Turow study on
  COPPA compliance in privacy policies on
  children’s websites for the Annenberg
  Public Policy Center (March, 2001)
 ENFORCEMENT OF COPPA
• How is COPPA enforces, who enforces it,
  and what are the penalties for violating
  COPPA?
        FTC ENFORCEMENT
             ACTIONS
• In April, 2001 FTC announced first civil penalty
  cases brought under COPPA against:
• Monarch Services and Girl’s Life (operators of
  www.girlslife.com
• Bigmailbox.com, Inc./Nolan Quan (operator of
  www.bigmailbox.com)
• Looksmart Ltd. (operator of
  www.insidetheweb.com)
• Under settlement, 3 companies agreed to pay
  $100,000 in civil penalties and delete personally
  identifiable information collected by children
        FTC ENFORCEMENT
             ACTIONS
• 6 COPPA enforcement actions to date
• April 2001 Ohio Art Company (operators of the
  Etch A Sketch Website at: http://www.etch-a-
  sketch.com/) – under settlement agreed to pay
  $35,000 penalty and not further violate COPPA
• Feb. 2002: American Pop Corn Company “Jolly
  Time” web site at: http://www.jollytime.com
• (had a Kid’s Club)– under settlement agreed to
  pay $10,000 and not to further violate COPPA
• Oct. 2001: Lisa Frank, Inc. (makes toys, school
  supplies; website at: http://www.lisafrank.com) –
  under settlement agreed to pay $30,000 and not to
  further violate COPPA
  IS COPPA TOO ONEROUS?
• Companies – is it to expensive to comply? For
  example, Surf Monkey (see
  www.surfmonkey.com) apparently spent between
  $50,000 and $100,000 to comply with COPPA
• Parents – is it too onerous to read privacy
  policies? For an example, see:
  http://www.toucansam.com/privacy/ Also, is opt-
  in too onerous?
    DOES COPPA WRONGLY
       IGNORE TEENS?
• Websites’ information practices are still subject to
  Section 5 of the FTC Act, which prohibits unfair
  or deceptive trade practices.
• October 2002: FTC settles with 2 companies
  (National Research Center for College and
  University Admissions (NRCCUA) and
  American Student List (ASL)) that collected
  extensive personal information from millions of
  high school students claiming they would only
  share this with educational institutions, and then
  sold it to commercial marketers.
IS COPPA A GOOD LAW AS A
      FAMILY LAW?
• What does Anita Allen-Castellito think?
• Do you agree?
• Is COPPA a good law as privacy law?
  Should children be able to waive privacy
  rights in online personal information?
    DO THE FOLLOWING SITES
     COMPLY WITH COPPA?
•   http://www.pojo.com
•   http://www.bigmailbox.com
•   http://www.lunchables.com
•   http://www.disney.com
•   http://www.harrypotter.com

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:1
posted:2/16/2012
language:English
pages:17