Archive for the ‘coppa’ Category

Under Aged Tangling

Bumkins Grinch KidWe’ve been debating the COPPA today. What’s that? Well if you’re an online service that has the potential for the disclose of information for kids under 13 then you’ll need to comply with the Children’s Online Privacy Protection Act (COPPA).

This law states that we must obtain consent of a parent or guardian if our service is used to disclose personal information (such as email address, name, address). It applies pretty broadly to chat sites, web page tools, social networks, forums… which means basically anything with user contributions.

The easiest way to comply is simply don’t allow users under the age of 13. To do that you just request a confirmation as a part of the registration process that they are indeed 13 or over. Pretty simple really. Entirely pointless, but simple.

Then enter the Xanga case; these poor guys seem to have been nailed (fined $1m) because their users were able to change their birth date on their profile to a value below the age of 13. The FTC considered this evidence of users admitting their age (post registration confirmation of their age being over 13) and slapped them with a fine.

Now I don’t actually know a lot of the details of the Xanga case, so maybe there was something stupid involved as well (like non-compliance). But on the face of it it seems a little harsh — I did enjoy Xanga’s counter claim that users were changing the birth date to be that of their dog.

The FTC’s ruling was that sites need to maintain vigilance over their awareness of a user’s age. Which means if you can reasonably monitor this, then you must, or face a whopping fine.

Tangler has profile pages which allow you to change the birth date (we’re just adding it now). During the registration process we request confirmation of them being over 13. But we’ll now have to figure out what to do with the profile birth date field. Options:

  1. Remove the birth date field entirely — pretty silly.
  2. Check if they change the birth date to something under 13, then give them a warning confirmation, and if they click ok terminate their accounts — umm, pretty silly.
  3. Not allow birth dates to be set to a value below 13. How can they set to that anyway, since they already confirmed they were above 13… right?! — probably the best move.

Comments and suggestions welcome!