COMMENTS ON FTC INITIAL REGULATORY FLEXIBILITY ANALYSIS OF CHILDREN’S ONLINE PRIVACY PROTECTION ACT, 16 CFR PART 312
Thank you again for the opportunity to comment on the potential impact that the Children’s Online Privacy Protection Act will potentially have on smaller versus larger entities and to suggest some potential alternatives that warrant discussion.
Kidsonline.com believes strongly that parents should have a significant involvement in and control over their children’s online experiences. We strongly support any and all methods that will ensure the safety and integrity of children’s online experiences, but their must be a reasonable balance between the costs created by the measures and the benefits they achieve.
Section 312.4 (b) requires that operators post visible notices of their information collecting practices and intended usage of the information in every place where information is asked for, via notice or links to notice. Kidsonline feels very strongly that the policy of giving parents all the information necessary to make an informed decision about their children’s online experiences is sound policy.
Section 312.4 (c) and 312.5 provides that operators use reasonable efforts to ensure that a child’s parents gets adequate notice of their children’s online activities and the operator’s policies with respect to use of information. Taken together, the rules also require that if an operator intends to use the information collected in a different manner than originally contemplated in the original notice and/or consent, new notice and/or consent must be obtained. Kidsonline feels strongly that the section is potentially lethal to smaller operators. Mergers, acquisitions, marketing alliances, cross-promotions et al are a fact of life for smaller, budding players on the internet. Under the rule, operators would be required to give new notice and get new parental consents if they intend to share their visitors with their alliances. At the extreme, potential acquisitions or mergers could be endangered and would potentially require that parents of children registered at an operators site approve the transactions. This would cripple smaller entities that rely on the above mechanisms to build their brands. While Kidsonline feels very strongly that third party usage of children’s information needs heavy regulation, the regulation should not prevent these types of deals from being consummated. To do so would enable the established kids brands who have already established themselves and their marketing alliances an unfair advantage in building their traffic. The rule should provide that where usage of children’s information is reasonably similar to the intended usage that was previously presented and approved by a parent, no new notice and consent should be required. Without a material change in intended usage or practices, no new notification or consent should be required.
Section 312.5 also lays out methods to protect the integrity, safety, and confidentiality of the information that an operator gathers. Kidsonline feels very strongly that the methods listed are effective in meeting these goals. However, Kidsonline also feels that all sites must not be held to the same standards when judging what is adequate and what is not adequate protection. Although there must be a baseline protection layer that all children’s sites must adhere to, a small entity cannot be required to have the same level of technology that a major entity would be expected to develop and/or employ.
Kidsonline feels strongly that the policies promulgated by COPPA are sound. However, there is a very real cost in implementing these policies, a cost that in many instances is felt more by smaller entities than larger entities. While Kidsonline supports any and all efforts to protect the children’s online experience, we also recognize that every time a parent has an opportunity to remove their child, the cost of customer acquisition is raised. By requiring that parents give consent to an operator before their children give any personal information and thus prevent the child from participating in online activities, COPPA doubles the cost of customer acquisition for online operators of kids-related sites. More exactly, if 10 children would normally sign up and participate in online activities without requiring parental consent, only 5 will when parental consent is required.
Kidsonline requests that the Commission consider strongly a two-tiered system that would provide operators with a degree of flexibility to enable effective customer acquisition but still provide a level of protection that all children deserve. Children should be encouraged to have online accounts and reveal enough personal information that enables an operator to establish a relationship with the child to the extent necessary to protect all children using the site. Kidsonline feels that operators should be allowed to collect a minimum amount of information to establish a link to the child in exchange for limited access to the operator’s site. For instance, a site that provides game play, chat, online stores, e-mail, etc. could allow a child to play games in exchange for revealing a minimum amount of personal information reasonably necessary to establish his identity within the community. However, if the child wanted to delve deeper into the site’s offerings, e.g. chat, storefront, etc., parental notification and consent should be required.