Posted in kids, Safety/Privacy, web business

COPPA musings

The annual FOSI conference held in DC last week really helped to articulate for me some of the current ambiguity in the COPPA legislation, specifically with it’s intention and it’s enforcement.

Currently, the law is written in such a way that it clearly intends to protect childrens’ personally identifiable information (PII) from being used for nefarious purposes by the websites collecting it or their third party partners.  Some of the changes being proposed (public comments are due by the end of Nov) help to update and articulate this point and make the criteria points a bit more salient with todays tech climate (i.e adding geo-location, behavioral advertising, etc).

One point that is hotly debated is Email Plus.  Currently, sites can use this method (sending notification emails to a parent informing them of a child’s intent to share PII), but the FTC is trying to remove this.  The reason for this being that the sites should, by in large, not be soliciting PII from children in the first place and if they are, they should be complying with the more rigid parental verification models detailed in the law.  As Amy Pritchard from Metaverse Modsquad articulated to me, “Email plus is being eliminated as a way to collect PII and use it internally, as most sites had used it as a best practice parental notification method.  In order to allow sites to continue to do this, the proposed changes allow for sites to collect the parent email address for purposes of notifying the parent that the child has become a member of [or registered for] the site.”

The informal debates that I heard and participated in at the FOSI conference dealt mostly in the intent of the law.  Most of us agreed that the law should protect a child’s PII from being used for anything other than to make the game play better.  For the most part, the consensus is that, except for specific situations, like contests, DOB and gender are really the only 2 pieces of child PII a site needs to collect, and these are allowed currently under COPPA.

The finer point that I recognized in our sometimes spirited debates was between solicited PII and passively collected PII.   A site should not solicit PII from kids, such as in the registration process, as most of this information is not needed for normal game-play (unless, again, they get verifiable parental consent).   But what if kids give PII freely, such as in chat or on forums/boards?  What, if any, sanctions should be levied unto the site in these scenarios?  The informal consensus was that the site should at least employ means of screening and moderating such content so as to make sure that this PII is not easily given and read on the site – but that this should not be legislated as part of COPPA.

Anne Collier wrote about this recently (http://www.netfamilynews.org/?p=30775) – “The proposed [COPPA] changes respond to the advent of social media (social network sites, virtual worlds, online games, apps, etc.) in that sites can “allow children to participate in interactive communities without parental consent so long as the operators take reasonable measures to delete all or virtually all children’s personal information before it is made public,” and companies will also have to hold third parties such as app providers to the same privacy standards their services are held to.”

I do not think that the intention of the law should be about teaching and protecting kids to be safe with their PII.  While this is an ethical and moral imperative that companies that target this demographic should abide by, I fall pretty firmly on the side that this should not be federally mandated.  Many of us, myself included, believe that the free market, and hopefully vocal parent groups and watchdog organizations, should be more of the gauge as to whether this is being done on individual sites.  In theory, educating and protecting kids from sharing PII in chat is a great idea, but those of use who have to DO that work, realize how difficult and sometimes impossible it is to be 100% effective.  I do not see how the government could keep up with or track down how effectively sites are at keeping up with that.

This was the 5th Annual FOSI conference, and it was very good to see more representation from practitioners, rather than just lobbyists, marketers, safety advocates, researchers and bloggers.  Hopefully, those of us with real-world/front-line experience in implementing these sort of laws can gain influence in the conversations so laws can be amended or written practically the first time, rather than after the fact (or not at all).

Advertisements

Author:

I am a data & results driven Digital Media Influencer with over 15 years of experience in engagement, family marketing, scaling infrastructure and audience culture across a product’s lifetime from pre-launch to millions of users. Strategic Vision & Business Development: • Articulated corporate integrated digital marketing strategies for 10 children’s entertainment properties across multiple digital channels • Authored a comprehensive business plan for scalable online community infrastructure for internal and external partners and successfully participated in a thorough VC due diligence process • Increased sales revenue by 20% while managing 6 million dollars of annual revenue in existing business services. Production & Project Management: • Developed multiple 2D & 3D multi-player virtual worlds, online games & apps based on repurposed/original assets • Produced 12 animated 2-minute shorts for broadcast on television & developed animation production department workflows • Launched multiple major website redesigns to include more fan interaction • Led workflow & process optimization teams to improve operational effectiveness/productivity. Audience Engagement & Research: • Developed domestic and international audience research programs both on & offline for both parent and children audiences • Grew multiple audiences from pre-launch to tens of millions by using organic, as well as established marketing tactics. Team Management & Relationship Building: • Designed team management & organizational structures for multiple Web Content and Web Marketing departments including international remote teams of staff in North & South America, Europe and Asia. • Managed teams in multiple disciplines, including customer service, social media engagement, production, moderation, marketing, design, tech and content development. • Extensive client, vendor and partner management experience in television, licensing, digital, e-commerce & customer service industries

5 thoughts on “COPPA musings

  1. Thanks for the excellent summary and information Joi. As always, everyone at Inversoft is looking forward to the changes made to COPPA over the coming months as it will certainly have wide reaching effects on many companies and industries.

  2. Very interesting and informative– It concerns me that there is a growing possibility of the FTC forbidding gaming companies to solicit emails during their registration processes. While I absolutely agree that most of kids’ personal information should never be collected, I do suspect that where game moderation is concerned there is currently not a less invasive replacement available for what that piece of information provides. The benefit to kids’ safety in having an email address readily available to game moderators seems to invalidate the reasoning of those with scruples about collecting this information. Simply notifying parents of an account’s creation definitely falls short of the intention of the legislation in the first place (to help make kids safer).

    While many parents do not receive notifications emails “to a parent informing them of a child’s intent to share pii”, for example (since many kids use their own or bogus email addresses when they register), nevertheless they are an effective online safety teaching tool. The debate on whose responsibility it is to educate kids about online safety continues (and I agree with you, Joi, on this issue if I’ve interpreted your opinion correctly), and it seems like the FTC believes it is the gaming industry’s. However, whether or not they’re correct is mostly irrelevant, isn’t it? Why can’t the FTC see that simply for the sake of good business practices that encourage more gameplay, it makes absolute sense for companies to encourage game safety as well as gamer privacy by protecting pii— it is in their own best interest to promote online safety. Notifying parents and/or kids of pii violations, etc. does just that.

    Is a federal mandate prohibiting companies asking for email addresses while simultaneously forcing companies to screen all possible cases of pvp pii giveaways really necessary here? Would it be productive? Would it be preventative?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s