WASHINGTON – It seems that everyone is talking about the social networking phenomenon, including the Federal Trade Commission.
MySpace.com, Facebook.com and Youtube.com, the social networking poster children, were the most referenced technology companies discussed during the FTC’s recent public hearing, “Protecting Consumers in the Next Tech-ade,” held here Nov. 6-8 at George Washington University.
The child safety issue dominated the conversation at a panel titled “Social Networking: Trends and Implication for the Future” – and rightly so.
FTC Commissioner Pamela Jones Harbour’s opening remarks set the tone, as she touted the FTC’s heightened efforts to provide a safer online experience to children. Referring to the Children’s Online Privacy Protection Act of 1998, Commissioner Harbour used the recent settlement with social networking Web site xanga.com as her case-in-point.
Xanga.com was penalized for allegedly violating COPPA by collecting, using and disclosing personal information from children under the age of 13 without first notifying parents and obtaining their consent.
The Xanga settlement, which included a $1 million penalty, (the largest ever assessed by the FTC for a COPPA violation) should be heralded as an important precedent and reminder to the industry. Most important, it is an indicator of two points: The FTC fully intends to exercise its jurisdiction in this area to make the industry understand that there are clear limits on what can and cannot be done. Further, it is instructional in that it does provide concrete and practical examples of the types of behavior and practices the FTC will find unacceptable when conducted by a social networking Web site.
The FTC’s rules implementing COPPA require that social networking Web sites provide notice of their information practices and obtain parental consent before collecting, using, or disclosing personal information from children under 13.
Arguably, Xanga was in compliance with the rules. Their Web site stated that children under 13 could not join and required registrants to certify that they were at least 13 years old before they were allowed to register. However, as the FTC’s complaint alleged, Xanga’s compliance with the rules were superficial at best and at worst encouraged children to disregard the rules.
For instance, Xanga’s age verification largely consisted of requiring a child to check a box to verify that he or she was at least 13, and if a child did not check the box, a message appeared that stated that in order to proceed, “you must check the box below to certify that you are at least 13 years old.” In addition, despite requiring certification that users were at least 13 years old to register, thereafter users were allowed to create Xanga profiles that indicating they were younger than 13.
This last practice was a particularly damning piece of evidence cited in the complaint and was used by the FTC to support the claim that Xanga had actual knowledge that they were collecting and disclosing personal information from children younger than 13.
The Xanga consent order laid out certain steps that Xanga must take in order to comply with COPPA. The consent order, among other things, required that Xanga take the following steps:
- Place a clear and conspicuous link to www.ftc.gov/privacy, a site where users can find more information about protecting children’s online privacy, 1.) in their privacy notices section of the Web site, 2.) in the direct notice sent to parents and 3.) at each location where personal information is collected;
- Place a clear and conspicuous link to www.OnGuardOnline.gov, a site with social networking safety tips for parents, on the homepage and privacy notices section of the Web site;
- Provide a copy of the FTC’s compliance guide “How to Comply with the COPPA” to all employees and anyone having responsibilities related to the operation.
Even though the company stated that it was not required under the consent order or COPPA to do so, Xanga also took the following additional steps:
- Hiring a chief safety officer to be responsible for defining safety and abuse policies;
- Adopting the best practices recommendations of the Children’s Advertising Review Unit of the Better Business Bureau, including neutral age-screening and session cookies;
- Cooperating with organizations such as BlogSafety.com and the National Center for Missing and Exploited Children;
- Created a flagging system that allows users to report others who are underage and who are posting material in violation of Xanga’s terms of service.
The Xanga consent order outlines what can be viewed as “best practices” for children-oriented social networking Web sites or Web sites that collect personal information from children under 13.
While most of the discussion at “Protecting Consumers in the Next Tech-ade” revolved around the uncertainty that the next decade held for technology companies, consumers and policy makers, the FTC agenda on issues related to child safety was clear. The FTC has aggressively committed to using targeted law enforcement to provide a safer online experience for children. The Xanga settlement’s $1 million penalty (more than twice as large as the next largest penalty) should not be seen as an aberration, but rather as an indicator that this is only the beginning of what is to come.