Children increasingly have access to many websites and online services that may require them to legitimately share personal data or may bring them into contact with inappropriate content, commerce and/or malicious adults. Alternately, websites are emerging that are attempting to provide “youth only” communities which require some level of assurance that the registered user is a child.
In July 2006, the Federal Trade Commission (FTC) shared with Congress its concern about potential danger to children who visit social networking Web sites. In testimony before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigation, FTC Commissioner Pamela Jones Harbour said there is a “need for social networking Web sites—individually, collectively, and, most importantly, expeditiously—to develop and implement safety features to protect children who visit their sites and empower parents to protect their children when they do so.” “Because the information that children post on their online journals, web logs or ‘blogs’ can be accessed by other Internet users, social networking Web sites raise heightened privacy and security concerns. In particular, sexual predators may use the information that children provide on social networking sites to identify, contact, and exploit them, unless these sites are constructed to reduce access to this information, or users themselves take steps to limit unwanted access.” “The social networking industry has a clear incentive to create a safe online community,” Harbour said.
To reduce that threat, many websites and online service providers have attempted to, or by regulation have been required to, provide age-restricted access. However, this requires online operators of websites and services to determine the age of site visitors with reasonable assurance while staying in conformance with applicable laws. Typically, this is provided via consent age-agreements, which users may select to indicate they are of certain age. Children, though, are savvy enough to simply disregard such precautions by lying about their age in order to gain access to restricted content or services. In addition, predatory adults can easily claim to be children in order to contact and communicate with children.
The Children's Online Privacy Protection Act of 1998 (COPPA), 35 U.S.C. §§1301 et seq. was passed by Congress to address the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in its privacy policy, including when and how to seek verifiable consent from a parent or guardian for a child, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13.
An “email plus” mechanism has been promulgated by the FTC which allows online operators to use email coupled with additional steps to provide assurances that the person providing the consent for the child is the parent. See 16 C.F.R. §312.5(b)(2). Such additional steps include: sending a confirmatory email to the parent following receipt of consent; or obtaining a postal address or telephone number from the parent and confirming the parent's consent by letter or telephone call. Operators who use such methods must provide notice that the parent can revoke any consent given in response to the earlier email.
However, even this mechanism has not proved successful, as children simply falsify age, without the parent's knowledge. A website operator has little evidence (if any) to know otherwise, or to investigate or act further.
Parents want to be able to selectively restrict their child's access to entire websites and/or certain functions (e.g., chat or posting images) at an online service. Yet, parents may have very few limits to control their children's access on the Internet. Website filtering and blocking software alone has not proved to be very successful. Moreover, parents are concerned with their children providing personal information online (or to other entities) which may be made public.