Tomorrow, July 1st, the Federal Trade Commission’s (FTC) current update of the Children’s Online Privacy Protection Act (COPPA) goes into effect. That fact there is an update coming hasn’t gotten much press but according to a release put out by the FTC six months ago:
The final amended Rule includes modifications to the definitions of operator, personal information, and website or online service directed to children. The amended Rule also updates the requirements set forth in the notice, parental consent, confidentiality and security, and safe harbor provisions, and adds a new provision addressing data retention and deletion.
The original version of COPPA was put into effect in 2000, so it makes sense that there are some changes to website and network operators’ responsibilities given how the landscape has shifted, especially for social and mobile media.
In order to comply, and in an effort to do the right thing for parents (although this could have been handled better), Yahoo is taking a very proactive step. Since Yahoo does collect personal information from young users of Yahoo products (Yahoo Mail, Flickr, Tumblr), they are subject to COPPA guidelines. According to Yahoo:
If you’re a parent or guardian of one of our users who are 12 and under, you’ll receive an email asking for your consent to allow your child to continue to use Yahoo! products. Your child will also see a message when they try to log in, reminding you to give us your consent.
If we don’t hear from you by June 30th, your child will not be able to log in until you submit the consent form. You’ll have until August 31, 2013 to give us your consent before we deem the account inactive.
The above paragraphs are from a Yahoo/Tumblr post dated 6/28/2013, so parents probably weren’t given a ton of notice. In addition, most parents know that it’s always easier to set up an account if you do not indicate that you’re a minor, so there are undoubtedly lots of accounts with the wrong age attached.
The last sentence quoted above, that accounts will be deemed inactive if not claimed and consent given by 8/31/2013 seems like a slap in the face to the account name squatters. If I have already secured firstname.lastname@example.org for my 3 year old, obviously he isn’t using it yet. I’m not sure how the Yahoo contact attempt will be foolproof since a lot of people ignore most emails.
I’m interested to see whether two major shortcomings of COPPA are addressed in any way in the update:
- Websites and networks generally do no work at all to ensure that users aren’t lying about their age, and
- Some sites, like Ask.fm, do not comply with COPPA standards and have not been taken to task for it
Incidentally, Yahoo Safely, section of Yahoo’s site dedicated to internet safety has some good information for parents and youths. Their Digital Safety Kit contains best practices and definitions, as well as a Family Media Agreement for 3 different age groups.
EDIT: There’s a good summary of the changes under the new COPPA here.
Contact ThirdParent any time for help and resources for monitoring teen internet activity.