ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Net privacy law costs a bundle

Network World Fusion

May 16, 2000
Web posted at: 9:03 a.m. EDT (1303 GMT)

(IDG) -- Like motherhood and apple pie, children's online privacy is an issue that everyone supports in theory. However, Web publishers are discovering that meeting the requirements of a new federal law designed to protect children on the Internet is much more time-consuming and expensive than originally anticipated.

Just ask the folks at, who spent three months and more than $150,000 to get their Web site to comply with the Children's Online Privacy Protection Act (COPPA) of 1998. The reward for that effort was a 20% decline in traffic.


"Complying with COPPA is not trivial," says Peter Rowe, executive vice president of development and co-founder of "You have to have a clean site, gathering no information whatsoever, to be safe."

Kid-oriented Web sites aren't the only ones required to comply with COPPA, which went into effect three weeks ago. All commercial Web sites need to obtain parental consent before collecting, using or disclosing personal information from children younger than 13.

  Network World Fusion home page
  Free Network World Fusion newsletters
  FTC publishes Internet privacy rule
  The future of online-privacy organizations
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for network experts
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Perhaps more important, the experience that children's Web sites are having with COPPA is a harbinger of the 'Net's future. A Federal Trade Commission survey released last week found only 20% of e-commerce Web sites met its standards for protecting consumer privacy, prompting the agency to consider issuing rules regulating Internet policy. Meanwhile, more than 100 privacy bills are pending before state and federal legislatures in the U.S. Industry observers say it is likely that all commercial Web sites eventually will face the legal, marketing and IT costs that children's Web sites have already encountered with COPPA.

"The vast majority of companies that have Web sites don't have good privacy policies," says Deborah Pierce, a staff attorney with the Electronic Frontier Foundation. "If you are running a general-purpose Web site, you need to think about what kind of information you are gathering about your visitors and if you need to gather it."

Many children's Web sites spent months of development time and anywhere from $25,000 to $150,000 to ensure compliance with COPPA. The sites needing the most retooling are those with interactive services that now require parental notification., a Web site for kids ages 6 to 13, required a major redesign even though it already had a privacy policy and didn't disclose kids' names or contact information.

"It was a lot more complicated than we originally thought it would be," says Shelley Pritikin, director of marketing at "We thought we were a pretty safe site but this law is quite restrictive." had to redesign its membership system and re-enroll all its members age 12 and younger. The site had to prevent these users from participating in the e-mail, chat or prize sections until parental permission was received. It had to set up a system for receiving parental permission via phone, fax or postal mail, as well as a database to store permission information. Maintenance systems were changed to purge e-mail and log files on a more frequent basis. The e-commerce section was disabled. "The kids are not happy about all these changes," Rowe says. "They're giving us a terrible time."

"We're spending $30,000 more a month in banner advertising to cover the traffic decrease," Pritikin says of the site's 20% traffic drop.

COPPA also made a big impression at, a gaming site for children in preschool through sixth grade. Product marketing manager Al Painter describes the site's COPPA compliance effort as "Herculean." tapped all 20 of its employees to work on COPPA compliance during March and April. The site had to remove a capability from its games section that allowed users to e-mail each other. All feedback mechanisms from children were deleted. A newsletter service, which will soon be relaunched, required a new sign-up system.

"We spent more than $10,000 to get compliant. And if you count people time, our costs would go up three or four times," Painter says.'s traffic was not affected by the changes. However, the site has delayed the introduction of interactive features - such as e-mail, bulletin boards, a rewards club and e-commerce section - until a parental notification system is established. "All of the new features will take longer and be more expensive because we'll have to run everything through [our lawyer]," Painter says.

COPPA applies to commercial Web sites and online services that are directed at or knowingly collect information from children younger than 13. Under COPPA, a Web site must:

Post a privacy policy that outlines how it collects, uses and discloses personal information about children and insert links to that policy throughout the site.

Have verifiable parental consent by phone, fax, postal mail, credit card or password-protected e-mail before collecting, using or disclosing personal information from a child.

Provide parents with access to and control over their children's personal information stored on the site.

"Depending on how a Web site was set up, there can be a significant amount of retrofitting required to comply with COPPA," says Nancy Savitt, a partner at Aftab & Savitt, a New Jersey law firm that specializes in COPPA compliance. "The sites that have done it successfully have brought in the technical people at an early stage to give [the business people] various options on how to collect the information they want in COPPA-compliant ways."

Some Web sites are making hay out of their COPPA-related investments., which offers a browser and browser plug-in to filter Web content for children ages 6 to 12, now has all its interactive features - including e-mail, chat and bulletin boards - controlled by a buddy list that parents maintain. "The main issue with COPPA is to prevent kids from talking with strangers without parental permission," says Scott Jarol, chief technology officer at

So far,'s strategy is paying off. Membership has grown more than 50% since the changes were made in January.

Rewriting the fourth amendment
May 12, 2000
Online child privacy act proves problematic for sites
April 25, 2000
More cops on the Net beat? Privacy groups say not so fast
April 10, 2000
Take Net privacy into your own hands
April 9, 1999
Internet crime report irks privacy groups
March 13, 2000
KidSafe is no choice at all
February 2, 2000

Teething problems hit online child protection plan
Children's privacy law to take effect
FTC publishes Internet privacy rule
(The Industry Standard)
E-commerce CEOs: privacy is serious
Rewriting the Fourth Amendment
(The Industry Standard)
Clinton-Gore plan aims to protect consumer privacy
(The Industry Standard)
FTC prepares to issue privacy rule
(The Industry Standard)
The future of online-privacy organizations

FTC's latest report on Online Access and Security

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.