Sites brace for COPPA fallout
Angry preteens are flaming Karen DeMars, calling the dotcom executive everything from a "jerk" to a "jackass," but she won't budge. Kids age 12 and under are still banned from using her matchmaker service.
After all, says DeMars, president and co-founder of eCrush.com Inc., she's just trying to follow new federal rules that require sites to obtain parental consent from the under-13 set or risk a $10,000 fine for each violation.
"The biggest reason for doing this is a logistical issue," DeMars said. "If we had to get faxes and signatures it would overwhelm us."
eCrush, which plays cupid for teens with mutual crushes, and other sites targeting kids have spent recent months preparing for the implementation of the Children's Online Privacy Protection Act (COPPA), which promises to dramatically change the way Web sites deal with preteen audiences. Under COPPA, which passed in October 1998 and takes effect on Friday, April 21, sites are required to gain parental notification -- in some cases via fax, mail or phone -- before collecting personal information from children under 13.
Many companies, such as the Walt Disney Co. (dis) and FreeZone, are spending hundreds of thousands of dollars to make their sites compliant. Others, such as eCrush, are taking the most drastic approach, cutting off preteens altogether.
DeMars recently sent out an e-mail telling underage eCrush members that their accounts were going to be deleted. The result: DeMars' inbox has filled with hundreds of angry missives from preteen protestors signed "sick and tired of being too young" and "a rejected member."
The messages to eCrush illustrate the often scattershot and sometimes arbitrary approach of regulations that balance the interests of consumers and companies in the digital age, especially where privacy is concerned. Although many of the preteens use colorful language, the sentiment is pretty much the same throughout the 200 or so e-mails sent to eCrush. One reads: "Why in the world does it make a difference if I am 12 or 13? I would appreciate if you could set me straight here because I'm not too happy about it."
Yet another sums up the challenges the Federal Trade Commission -- charged with pursuing offenders -- faces in enforcing the law: "I might as well lie about my age."
However, DeMars said, cutting off the group isn't such a big deal for the company -- even she doesn't necessarily want 12-year-olds visiting a teen dating site. But many sites want the stream of young visitors to their site to continue, and they're scrambling to make sure they do.
COPPA -- a compromise between privacy advocates committed to protecting children online and companies that want to make money targeting kids -- takes a two-tier approach to getting parental consent.
For example, starting Friday visitors to Disney (dis) who are 12 and under will be asked for their parent's credit card number, which will be used to open a family account. Although the cards won't be charged, they will be used to verify that someone over 18 knows the child is visiting the site. Eric Aledort, vice president of corporate development for Disney's GO.com portal, said the company chose the credit card method because keeping accurate records of fax and phone call verification is too complicated. Still, he acknowledges that some people may be hesitant to turn over their credit card information just so their child can enter a contest or participate in an interactive event.
"I think there will be some people who will not be happy," Aledort said. "I think we'll have a lower response than we've had in the past." He said parents who don't have credit cards can contact Disney to set up another means of verification.
Of course, nothing prevents mischievous children from lying about their age in order to avoid the parental consent requirement altogether -- or from masquerading as a parent via an alternative e-mail address.
Still, privacy advocates are applauding the regulations as a significant step toward making sure companies respect the privacy of their users. "This is the first piece of legislation that's significantly pro-consumer," said Jason Catlett, president of Junkbusters Corp.
But Catlett said COPPA still falls short, in part because it doesn't allow parents to change the information collected about them or to rest assured it won't be shared. "This legislation doesn't give parents access to information about the parents," he said. "It only gives access to information held about the children."
Besides inspecting sites, the FTC has said it will rely on tips from the public, companies and consumer groups. The legislation was prompted in part by an FTC study in 1997 that found that more than 86 percent of 126 major companies targeting children collected personal information including names, e-mail addresses and home phone numbers, mostly without parental permission. Only 35 of those companies even posted a privacy policy.
Although Friday is the day the new regulations kick in, it will likely be weeks before the real effects resonate through the world of children's online content.
Justin Osmer, communication director at FreeZone, who spoke to federal lawmakers while they were shaping COPPA, said he thinks the new rules will level the playing field for companies that already respect children's privacy.
"We're happy to see that other sites are going to have to do the same thing," Osmer said.
FreeZone, a portal site for kids between 8 and 14, estimates it will spend about $100,000 to comply with the law. The company already requires parental consent, but now it must beef up its privacy area and install clearer, larger links to it. Alloy.com, a site catering to teens, told Advertising Age it would spend about $200,000 to comply. Other sites that must completely revamp their information collection policies could end up plunking down as much as $500,000.
Still, Osmer wonders whether sites will shy away from adding new content or simply bow out altogether, as eCrush did: "The worry is, are they going to spend a lot of money to comply or drop off some interactive content and dilute the user experience?"
As for enforcement, Osmer acknowledged there's no way to make sure kids don't give false ages to avoid the consequences.
"We take the steps we can, and there are always going to be kids who figure out how to get around them," Osmer said.