Without getting into specifics -- I have pretty much realized a site I am working on needs to be COPPA compliant.
Has anyone had to deal with COPPA compliance before? Any pointers as to the approach I should take, what is reasonable and what isn't? For example, how do you stop someone who is younger than 13 from registering a username for which an e-mail address is required, without making it overly problematic for those over 13?
Never dealt with COPPA before, so I'm looking for all the pointers I can get. Where to start? How to implement requirements?
My concern, which I haven't seen addressed anywhere, and is keeping me from letting folks under thirteen join, is what legal exposure do I face if a child provides false parent/guardian contact details.
Other than that, from what I've seen in terms of working examples, it's pretty easy to make your website COPPA-compliant.
The main issues seem to be posting clear links to your privacy policy, not wording anything so as to entice someone to lie about their age to join, making a page where parents/guardians can review what information is on file for their child and making it easy to let them request removing or altering certain information.
I would also let them see a history of the messages their child has posted and that sort of thing so they can not only see what the child has shared with us, but can also keep tabs on what their child is saying online.
obtaining a signed form from the parent via postal mail or facsimile;
accepting and verifying a credit card number;
taking calls from parents on a toll-free telephone number staffed by trained personnel;
email accompanied by digital signature;
email accompanied by a PIN or password obtained through one of the verification methods above.
All of those methods are fraught with the potential for abuse.
>>obtaining a signed form from the parent via postal mail or facsimile;
This could still be forged/faked.
>>accepting and verifying a credit card number;
Kids today have credit cards. I'm not sure if there is a minimum age limit so long as the account is secured by the parent's credit.
>>taking calls from parents on a toll-free telephone number staffed by trained personnel;
How does this prove anything? How does a non-profit hobby site afford something like this anyway?
>>email accompanied by digital signature;
Again, I have PGP and digitally sign all my e-mails. Any kid could obtain PGP and come up with a digital signature.
>>email accompanied by a PIN or password obtained through one of the verification methods above.
If the kid, or his phony parental e-mail address, gets to see that PIN or password, fraud is possible.
In conclusion, I am looking for something specific from the FTC about what they consider reasonable methods of verification that won't expose me to legal action. To date I've found nothing that addresses that issue.
Just make sure you document everything. And, if issues would arise, make sure you have a policy for how to handle it (which needs to be documented on your Web site as well). As long as the child's information gets deleted (if fraud is discovered) you should be ok...
That's the part that concerns me.
Even my Internet law specialist can't answer this question for me. There's no case law with regard to fraud on the part of the consumer/child to know for certain how the FTC would handle such a situation. I certainly don't want to wind up being the test case!
My best guess is that if we followed all the guidelines and still got defrauded we'd be OK. But I can't risk the huge fines the FTC has been levying against some of America's biggest corporations so I need something concrete before I do what I really want to do and let kids as young as ten join the site. The site has a natural attraction for kids who begin this hobby in their early years and many of them continue it throughout their lives so I'd like to let them participate so long as they can do it in a mature fashion, according to our TOS/AUP, and within the limits imposed by COPPA.
DISCLAIMER: This is not to be considered legal advice (or any other advice for that matter). The above reflects only my personal opinion. I assume no responsibility for any outcome as a result of agreeing with my personal opinion.
In the process I found a site similar to mine that states nobody under 13 can join, and asks for a lot of required personal information. Other than that they do nothing to abide by the terms and spirit of COPPA. I had my nephew join and list his age as under 13. The site let him join, asked for no parental contact information, and let him post on their forums and provide tons more personal details via his profile page.
I filed a complaint with the FTC and now I'm going to sit back and watch what happens. I hope it will wind up being the test case I so desperately want to see but not be involved in.