The Federal Trade Commission’s recent amendments to its Children’s Online Privacy Protection Act Rule will take effect on July 1, 2013, but the changes might ultimately exacerbate a fundamental problem that has persisted since the Rule’s debut: people, parents and children alike, lie. The new amendments will expand the definition of “personal information,” the collection of which triggers a series of special mandates by which child-directed, commercial websites must abide. Expanding this definition and increasing the number of triggers places a greater burden on these websites, which, in response, just ban children from using their services. This response, however, does not deter children, who lie about their age to gain access, often with the help of their parents. Additional regulations might very well lead to more lying and an increase in the unprotected presence of children online.
In 1998 Congress enacted the Children’s Online Privacy Protection Act (COPPA) to protect a child’s personal information while the child is online. COPPA, codified at 15 U.S.C. §§ 6501-06 (2013), requires the FTC draft and enforce a rule that implements several policies aimed at deterring the collection of data from children under the age of 13 without parental consent. The various versions of the FTC’s Rule have required commercial websites and Internet services that are directed at children under the age of 13, as well as any site that actually knows that they are receiving the personal information of children under the age of 13, to provide parents direct notice of their intent to collect and disseminate their child’s personal information. After providing notice and receiving consent, the site must also allow parents access to the information and the opportunity to have it deleted whenever the parent so desires.
Come July, the Rule’s amendments will expand the definition of personal information to include geo-location information; photos, videos, and audio files containing the child’s likeness; screen names and usernames, even if they do not directly reveal the child’s email address; and persistent identifiers, even those that just recognize a child over time and across different sites.
Websites like Facebook, MySpace, Gmail, and Skype already avoid the Rule’s requirements, and the costs associated with them, by not allowing children under the age of 13 to create accounts. After July, a data-collecting website attempting to comply with the Rule and remain open to children will face even greater costs because more information collection will require parental consent and control. Sites that cannot or do not want to bear these costs might follow the example set by Facebook and others and just restrict access to children entirely.
However, if more websites ban children, the consequence could actually be less protection for children’s online data privacy. In their article Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the “Children’s Online Privacy Protection Act,” Danah Boyd, Eszter Hargittai, Jason Schultz, and John Palfrey discuss how children readily and frequently overcome Internet restrictions by lying about their age. Moreover, parents are helping them do it or, at least, are not stopping them. By helping their kids lie, parents are giving up the rights that COPPA was designed to grant them, the right to have control over their son or daughter’s personal information. Given the dangers that abound on the Internet, it seems unlikely that a parent would so nonchalantly give up any of the protections afforded them. It seems more likely that parents are unaware of the protections or the bans’ purpose when they are helping their child lie. Either way, parents are willingly giving up protections and allowing their son or daughter’s personal information to roam freely in the technological ether.
With more restricted websites will come more opportunities for children, and their parents, to lie in order to gain access to popular websites. The result, regardless of whether parents desire it, is more children operating online outside of the protections of COPPA. In the end, websites may save on costs, and children will have their online accounts, but the FTC will not actually be furthering the goal of protecting children’s personal data online.