Three web site operators have been fined for breaching the
provisions of the Children's Online Privacy Protection Act (COPPA),
one year after the rare example of US data protection law came into
force. The companies will pay fines of $100,000.
The Federal Trade Commission charged the operators of
girlslife.com, Bigmailbox.com and insidetheweb.com with illegally
collecting personally identifying information from children under
13 years of age without parental consent, in violation of the
Act.
To settle the FTC charges, the companies together will pay a
total of $100,000 in civil penalties for their COPPA violations. In
addition to the requirement that these companies comply with COPPA
in connection with any future online collection of personally
identifying information from children under 13, the settlements
require the operators to delete all personally identifying
information collected from children on-line at any time since the
Rule's effective date. These cases mark the first civil penalty
cases the FTC has brought under the COPPA Rule.
The Children's Online Privacy Protection Act became effective in
the US on 21st April, 2000. The Act applies to operators of
commercial web sites and on-line services directed to children
under 13, and to general audience sites that knowingly collect
personal information from children. The COPPA Rule requires that
web sites post a complete privacy policy, and directly notify
parents of their information collection practices and get
verifiable parental consent before they collect children's
personal information or share that information with others.
The Girlslife.com web site targets girls aged 9 to 14, offering
features such as on-line articles and advice columns, contests, and
pen-pal opportunities. Partnering with BigMailbox.com and
Looksmart, it also offered children free e-mail accounts and
on-line message boards.
The FTC alleged that each of the defendants collected personal
information from children, including such things as full name and
home address, e-mail addresses and telephone numbers. None of the
web sites posted privacy policies that complied with the Act or
obtained the required consent from parents prior to the collection
of their children's personally identifiable information, as
required by COPPA.
The Web sites collected children's personal information for
their own internal uses, enabled children to publicly reveal their
personal information online without first obtaining parental
consent, and, in the case of BigMailbox, provided children's
personal information to third parties without prior parental
consent. The FTC also charged that all three operators required
children to disclose more personal information than was needed for
participation in the activities involved, a practice that also
violates COPPA.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
