COPPA cost too high for some sites

Summary:Law requiring sites to protect privacy of pre-teens causes sites to revisit their way of doing business.

Keeping the Web safe for children may come at too steep a price for some Internet sites.

For SurfMonkey.com Inc. (www.surfmonkey.com), a community site for children, the cost is $50,000 to $100,000 -- so far. For eCrush.com Inc. (www.ecrush.com), the expense was simply too high. The teen-romance Web site has begun turning away children under 13.

Those are just two of hundreds of Web sites that were required to comply with the Children's Online Privacy Protection Act of 1998, or COPPA, a law that bars sites from collecting personal information from children under 13 without parental consent. COPPA, which went into effect Friday, is the first legislative move in what many industry players and government officials believe will be further efforts to regulate consumer privacy online. The Federal Trade Commission is charged with enforcing COPPA.

Such measures are adding to the financial pressures and administrative headaches of doing business online. This, in turn, is causing a number of dotcoms, many of which are already struggling to survive, to ditch services entirely rather than leave themselves open to potential lawsuits.

'This is stupid. I LOVED e crush. Fine, I guess I must (sic) as well lie about my age.'|Child under 13COPPA requires Web sites to prominently disclose what personal information they collect from children, how it is used and whether it is shared with third parties. Most important, the law requires sites to obtain "verifiable parental consent" before collecting any personal data from children.

The consent can take the form of a physically signed note, a credit-card number or an e-mail with a password. For the next two years, sites that don't plan on sharing information with third parties may accept an e-mail message from a parent, as long as the site operator receives another e-mail, letter or telephone call from a parent confirming the consent.

Sites that offer communications services -- such as chat rooms, e-mail and message boards -- through which a child can disclose personal information must immediately adhere to the higher level of consent verification.

At SurfMonkey.com of Campbell, Calif., executives came up with their own method for getting an online permission slip from mom and dad. They set up an 800-number so that parents can confirm that their children have permission to log onto the Web site's chat rooms and bulletin boards. They also added staff in customer relations and instituted a weekly meeting on the topic of legal compliance.

That level of attention was too much for San Francisco-based eCrush.com, though. President Karen DeMars said she couldn't afford to pay for an extra staffer to sort through all the permission forms from parents. Reluctantly, she decided to give up a chunk of business by shutting down the existing accounts of children who identified themselves as being under 13. New users in that age bracket are also turned away during the Web site's registration process.

Most large online companies, including America Online Inc., Microsoft Corp. and Walt Disney Co.'s Go.com, have publicly applauded COPPA. Indeed, some of them even helped to craft key bits of the legislation. The financial impact of adding consent verification to their Internet services was negligible for the larger companies.

Still, plenty of Web companies big and small are seeking help from experts to whip their sites into compliance with the new law. That's good news for people like Perry Aftab, an attorney with Aftab & Savitt in Springfield, N.J. A longtime advocate of child safety on the Internet, Aftab last November dedicated her law practice to helping Internet companies meet the requirements of COPPA.

Aftab's services don't come cheap. She charges clients a $10,000 flat fee to audit their child-privacy practices. Aftab estimates that it will cost her clients between $60,000 and $100,000 a year to meet COPPA standards. She believes most Web sites have accepted the price tag of protecting child privacy online.

"There was grumbling, but the grumbling was two years ago" when COPPA was passed, Aftab said.

Still, some children are steamed about the changes at their favorite Web sites. ECrush.com's DeMars said she has received e-mails from children complaining of discrimination and "unconstitutional" behavior. One e-mail read, "This is stupid. I LOVED e crush. Fine, I guess I must [sic] as well lie about my age." Keeping the Web safe for children may come at too steep a price for some Internet sites.

For SurfMonkey.com Inc. (www.surfmonkey.com), a community site for children, the cost is $50,000 to $100,000 -- so far. For eCrush.com Inc. (www.ecrush.com), the expense was simply too high. The teen-romance Web site has begun turning away children under 13.

Those are just two of hundreds of Web sites that were required to comply with the Children's Online Privacy Protection Act of 1998, or COPPA, a law that bars sites from collecting personal information from children under 13 without parental consent. COPPA, which went into effect Friday, is the first legislative move in what many industry players and government officials believe will be further efforts to regulate consumer privacy online. The Federal Trade Commission is charged with enforcing COPPA.

Such measures are adding to the financial pressures and administrative headaches of doing business online. This, in turn, is causing a number of dotcoms, many of which are already struggling to survive, to ditch services entirely rather than leave themselves open to potential lawsuits.

'This is stupid. I LOVED e crush. Fine, I guess I must (sic) as well lie about my age.'|Child under 13COPPA requires Web sites to prominently disclose what personal information they collect from children, how it is used and whether it is shared with third parties. Most important, the law requires sites to obtain "verifiable parental consent" before collecting any personal data from children.

The consent can take the form of a physically signed note, a credit-card number or an e-mail with a password. For the next two years, sites that don't plan on sharing information with third parties may accept an e-mail message from a parent, as long as the site operator receives another e-mail, letter or telephone call from a parent confirming the consent.

Sites that offer communications services -- such as chat rooms, e-mail and message boards -- through which a child can disclose personal information must immediately adhere to the higher level of consent verification.

At SurfMonkey.com of Campbell, Calif., executives came up with their own method for getting an online permission slip from mom and dad. They set up an 800-number so that parents can confirm that their children have permission to log onto the Web site's chat rooms and bulletin boards. They also added staff in customer relations and instituted a weekly meeting on the topic of legal compliance.

That level of attention was too much for San Francisco-based eCrush.com, though. President Karen DeMars said she couldn't afford to pay for an extra staffer to sort through all the permission forms from parents. Reluctantly, she decided to give up a chunk of business by shutting down the existing accounts of children who identified themselves as being under 13. New users in that age bracket are also turned away during the Web site's registration process.

Most large online companies, including America Online Inc., Microsoft Corp. and Walt Disney Co.'s Go.com, have publicly applauded COPPA. Indeed, some of them even helped to craft key bits of the legislation. The financial impact of adding consent verification to their Internet services was negligible for the larger companies.

Still, plenty of Web companies big and small are seeking help from experts to whip their sites into compliance with the new law. That's good news for people like Perry Aftab, an attorney with Aftab & Savitt in Springfield, N.J. A longtime advocate of child safety on the Internet, Aftab last November dedicated her law practice to helping Internet companies meet the requirements of COPPA.

Aftab's services don't come cheap. She charges clients a $10,000 flat fee to audit their child-privacy practices. Aftab estimates that it will cost her clients between $60,000 and $100,000 a year to meet COPPA standards. She believes most Web sites have accepted the price tag of protecting child privacy online.

"There was grumbling, but the grumbling was two years ago" when COPPA was passed, Aftab said.

Still, some children are steamed about the changes at their favorite Web sites. ECrush.com's DeMars said she has received e-mails from children complaining of discrimination and "unconstitutional" behavior. One e-mail read, "This is stupid. I LOVED e crush. Fine, I guess I must [sic] as well lie about my age."

Topics: Legal

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.