Out-Law News 1 min. read

Web sites pay up for breaking US child privacy laws


Three web site operators have been fined for breaching the provisions of the Children's Online Privacy Protection Act (COPPA), one year after the rare example of US data protection law came into force. The companies will pay fines of $100,000.

The Federal Trade Commission charged the operators of girlslife.com, Bigmailbox.com and insidetheweb.com with illegally collecting personally identifying information from children under 13 years of age without parental consent, in violation of the Act.

To settle the FTC charges, the companies together will pay a total of $100,000 in civil penalties for their COPPA violations. In addition to the requirement that these companies comply with COPPA in connection with any future online collection of personally identifying information from children under 13, the settlements require the operators to delete all personally identifying information collected from children on-line at any time since the Rule's effective date. These cases mark the first civil penalty cases the FTC has brought under the COPPA Rule.

The Children's Online Privacy Protection Act became effective in the US on 21st April, 2000. The Act applies to operators of commercial web sites and on-line services directed to children under 13, and to general audience sites that knowingly collect personal information from children. The COPPA Rule requires that web sites post a complete privacy policy, and directly notify parents of their information collection practices and get verifiable parental consent before they collect children's personal information or share that information with others.

The Girlslife.com web site targets girls aged 9 to 14, offering features such as on-line articles and advice columns, contests, and pen-pal opportunities. Partnering with BigMailbox.com and Looksmart, it also offered children free e-mail accounts and on-line message boards.

The FTC alleged that each of the defendants collected personal information from children, including such things as full name and home address, e-mail addresses and telephone numbers. None of the web sites posted privacy policies that complied with the Act or obtained the required consent from parents prior to the collection of their children's personally identifiable information, as required by COPPA.

The Web sites collected children's personal information for their own internal uses, enabled children to publicly reveal their personal information online without first obtaining parental consent, and, in the case of BigMailbox, provided children's personal information to third parties without prior parental consent. The FTC also charged that all three operators required children to disclose more personal information than was needed for participation in the activities involved, a practice that also violates COPPA.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.