The Children’s Online Privacy Protection Act (COPPA), which prohibits website operators from collecting personal information from a child under age 13 without parental consent, has been around for a little over a decade. (fn1) However, because it believes sufficient time has passed for website operators to become aware of and compliant with the rules, the Federal Trade Commission has started imposing higher penalties on violators. In its most recent COPPA enforcement action, against Sony BMG Music Entertainment, Sony agreed to a $1 million fine as part of its settlement with the FTC. .
A brief excursion around the Web suggests that most popular sites appear to attempting to comply with COPPA. Common techniques, for interactive sites that don’t want to deal with the hassle of obtaining parental consent, are to post a policy stating that submissions from persons under age 13 will not be accepted, and/or to require users to provide their birth date before being allowed to begin a registration process that allows access to a site.
However, these exclusionary techniques can be easily circumvented. It is no difficult feat for an enterprising 11 or 12 year-old to falsify her birth date in order to gain access to a social networking site. Once on the site, it would not be surprising if that 11 or 12-year old then posted information that provided her true age — such an account of her birthday party, or pictures from her school yearbook, showing her to be in the 5th grade and listing her actual age. Part of the very purpose of social networking sites is facilitate the exchange of such personal information. This creates a potential COPPA compliance problem for the website operator.