On-Line Interactions with Children (01-02)
Act Takes Effect April 22, 2000 (03)
To Whom Does It Apply? (04-05)
Kids and Private Information (06-08)
On-Line Services Include Chat Rooms and Message Boards (09-12)
Not So Grey Areas? (13-15)
What Is Private Information? (16-18)
Non-Commercial Sites Impacted (19-20)
Policing the Act (21)
What the Websites Can Do (22-26)
Problems With the Law (27-29)
Mass Appeal Test (30-32)
Checking On Liability (33)
Children Are Everyone's Responsibility (34)
For Further Reading (35)
On-Line Interactions with Children Not very long ago a teenager asked me for advice on how to create a Web site. We discussed her interests and what she thought she could do, and then I made some suggestions on how to create the content for a unique Web site. When the girl was wrapping up her work, she asked me how to create the actual pages. In other words, she did not already have Web space to use. At that point I told her a little more about myself, and advised her to sit down and discuss what she wanted to do with her parents or a teacher at school, and to make sure they understood she had been in communication with me about this project.
 In order to help her create a Web site, I would either have to ask her for private information such as her name and address, or at least instruct her in how to give this information to a Web-hosting service. I have no right to solicit such information from underage people. Nor should I be advising them to give out that information to other people. This last part of our exchange occurred only a few days after I had become aware of the Children's Online Privacy Protection Act of 1998.
Act Takes Effect April 22, 2000 This law, passed in October 1998, takes effect on April 21, 2000. The Federal Trade Commission has been authorized by Congress to administer the law, and accordingly the FTC solicited input from responsible organizations and the public last year in order to put the final rule into proper form. Unfortunately, many other people and I knew nothing about this process, and the final rule has been implemented without any input from a lot of us. In fact, barely more than 140 individuals and organizations provided comments on a rule which will affect millions of people. For the children's sake, we have to hope it is a well-written rule, but there are some open issues.
To Whom Does It Apply? One of the chief concerns over this law is to whom it applies. The United States has no jurisdiction over the Internet outside its borders. Some people feel the law may put American businesses into a poorly competitive position. Perhaps, but big business usually finds a way to survive. And other countries may enact similar laws in the near future. The Internet is already governed by international treaty in some areas such as copyright, trademark, libel, and pornography. The international community is slowly but surely building up a framework of law that will apply to everyone or nearly everyone using the Internet.
 The new law, known as COPPA, was designed to govern the practices of commercial Web sites that interact with children. But someone somewhere in the process extended the law's coverage to include ANY service that interacts with children. This broader application is of particular interest to the Hercules and Xena online fan community (and all non-commercial Webmasters) for several reasons.
Kids and Private Information First of all, many of us have children to protect. Even if they are not our own, we might find ourselves in positions of responsibility. A few months ago I helped my 8-year-old niece register for Zoog Disney (http://disney.go.com/disneychannel/zoogdisney/). It is a big thing with kids, but Zoog required parental consent for the registration. Once we got that taken care of my niece could do all sorts of things on the Zoog site. I stepped away from the computer for a few minutes and when I came back I found she had a credit card sitting on the keyboard and she was about to order some merchandise.
 Children are not precocious just when it comes to buying things on the Internet. Keeping the credit cards out of their hands is only one aspect of being responsible for them on the Internet. What about those Whizkid Webmasters who set up the fantastic Web sites? Where do they get the Web space? Some are using Mom and Dad's accounts, but many young people are signing up with free Web space providers. How many parents are actually involved in these Web contracts? Do they know what information their children are giving out, or what services their children are signing up for?
 Parents may not be aware that kids can now download and install (on their own PCs) software from free Internet Service Providers such as NetZero, Excite, and Alta Vista. They do not have to use Mom and Dad's accounts any more, even though these ISPs may be trying to restrict access only to adults. What is to prevent a determined child from clicking on the "Yes, I am 18 or older" button? Nothing.
On-Line Services Include Chat Rooms and Message Boards But where the online community of Webmasters becomes directly concerned with the privacy of children is the provision under COPPA for including "online services" in the target population which must comply with this law. An online service includes a chat room or message board. The FTC is not talking about America Online. They are talking about specific services that any Webmaster can install on his or her site: chat rooms and message boards. Also, if you simply run a newsletter, you, too, may have to comply with the law.
 The FTC rule says:
If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act. How many of us are directing our chat rooms and message boards to the under 13 crowd? The FTC has decided they will use the following criteria for determining who is and who is not targeting children:
To determine whether a Web site is directed to children, the FTC will consider several factors, including the subject matter; visual or audio content; the age of models on the site; language; whether advertising on the Web site is directed to children; information regarding the age of the actual or intended audience; and whether a site uses animated characters or other child-oriented features. Many Xena web sites are devoted to obviously mature themes. It may, perhaps, be a good idea for the Webmasters to put up a note indicating children should not browse the site, but you need to be careful about what advertising you put on your site. If you are a member of an affiliate or associate program (some online merchants use these terms in different ways), you may have some direct links with graphics which could give the impression you are targeting children. After all, in the general population's perception, who buys action figures? Kids. Is the Xena fan community going to be excluded from compliance with the law? Maybe. We sit in a grey area.
Not So Grey Areas? Webmasters with Young Hercules content, on the other hand, will probably be perceived as directing their content toward children. The series was broadcast on Fox Kids Network, after all, and was primarily marketed toward the young audience. And if you are selling Young Hercules novels through online bookstore affiliate or associate programs, well, you are not necessarily in the clear. Any message boards or chat rooms or mailing lists devoted to the Young Hercules show may also be deemed as targeting children.
 Reviews of the Hercules and Xena animated movie, discussions about it, advertisements for it, affiliate/associate links for purchasing the video, etc. are another factor to consider. There are even Xena books that were published for younger readers. If you are selling these, you need to consider how that affects the overall impression your Web site gives to the casual visitor.
 Of course, just because you have got referral links on your Web site does not mean you are required to comply with the law. The question comes down to whether you are initiating an ongoing communication with your visitors, and if you know whether these visitors (or some of them) are children under the age of 13. If you are not hosting chat services, message boards, and newsletters, are you in the clear? Maybe. What about that guest book you have got on your site? Does it not ask for names and email addresses? Is it not making that information available to third parties? Will COPPA be the death of the guest book tradition that many perfectly innocent Web sites have employed for years?
What Is Private Information? This is what the FTC regards to be private information as defined by COPPA:
The Children's Online Privacy Protection Act and Rule apply to individually identifiable information about a child that is collected online, such as full name, home address, email address, telephone number or any other information that would allow someone to identify or contact the child. The Act and Rule also cover other types of information - for example, hobbies, interests and information collected through cookies or other types of tracking mechanisms - when they are tied to individually identifiable information. If a child contacts you on his or her own initiative, you are probably safe as long as the contact is for a one-time purpose. The FTC ruling speaks of homework questions, but there are plenty of other innocent exchanges that happen. We occasionally receive email from children who want to know how to contact members of the television shows we have devoted Web space to. Sometimes children ask us for help in finding things on the Web. I may think twice about giving out that kind of advice in the future. But these kinds of contacts are regarded as reasonable exclusions.
 However, any Webmaster who must otherwise comply with the law is expected to immediately delete any private information (including email addresses) they acquire from these exchanges once they are finished. So much for keeping a record of your past emails. If you have to go hunting for something to give advice to a child once, you will have to find some way of preserving the results of your search without violating the child's privacy or else go hunting again if you are ever asked the same question twice.
Non-Commercial Sites Impacted At Xena Online Resources (http://www.xenite.org/xor/home.shtml) we often come across Web sites which have multiple content areas. Like me with Xenite.Org, many Webmasters create several mini-Web sites within one large Web site. My content covers Xena, Hercules, Edgar Rice Burroughs, J.R.R. Tolkien, Andre Norton, Farscape, Sir Arthur Conan Doyle's The Lost World (and that includes the book, the movies, and the television series), and more. I am not going to be able to duck the "mass appeal" criterion, and many other SF & F Webmasters will find themselves in the same boat as me. So it is not just the commercial Webmastering community who needs to worry about complying with this law.
 But what will happen if we fan site Webmasters do not try to comply? I have no real way of knowing, but given that there are hundreds of thousands of SF Web sites, and millions more devoted to other interests which are equally of "mass appeal" (horses, cooking, consumer rights, science, history, literature, etc.) it appears that the Web Content Monitors will not be knocking on many peoples' doors right away. The law will be reviewed in two years and we will see where we go from there.
Policing the Act The business community has, for this first two-year period, been given an opportunity to set up its own industry standards for compliance. It will be a largely self- regulating effort and doubtless people will be keeping an eye on large commercial kids' sites like Disney.Com (http://www.disney.com), Ty.Com (http://www.ty.com), CartoonNetwork.Com (http://www.cartoonnetwork.com), et. al. to see what standards they adopt. Privacy and legal industry groups will be consulted and looked to to help define these self-regulating standards. But the final question two years from will be, have we all done enough?
To determine whether an entity is an "operator" with respect to information collected at a site, the FTC will consider who owns and controls the information; who pays for the collection and maintenance of the information; what the pre- existing contractual relationships are in connection with the information; and what role the Web site plays in collecting or maintaining the information. First of all, if you have volunteers helping with your Web site, or if you are paying people to help with your Web site, they are off the hook (as far as your Web site goes). Secondly, if you are using a third-party service, or are referring people to online retailers for commissions, such that you are not directly collecting or using the private information, you are off the hook.
 But if you are running your own mailing lists, message boards, chat rooms, or distributing your own newsletters, you are the "operator". If instead of running your own services you sign up with EZBoard or InsideTheWeb, or Onelist or Topica, you should be in the clear, unless they give you access to the personal information that their registrants provide to them. If you control the information that a third-party service acquires in the process of maintaining your service, you may become liable under the law. You are responsible for the information that you collect and use, regardless of whether you are selling anything. A child's privacy is not vulnerable just through a commercial Web site. And the purpose of the law is to protect children's private information, not to regulate commerce.
Problems With the Law Of course, did the lawmakers and the people at the Federal Trade Commission stop to consider that non- commercial Webmasters who have to comply with this law are exposing their own private information? As a domain name registrant I have entered my personal information into a publicly accessible database. But what about people who do not register their own domains? Is it trivial to require them (many of whom are women who have taken measures to protect their own privacy) to post their full names, addresses, and telephone numbers on their Web sites just because they are running message boards or chat rooms?
 I have questioned some people about the freeware that is available on the Web. It appears that the originators of these scripts are not going to assume the burden of ensuring that a Webmaster is in compliance with the law. If you download and install any free version of a message board or mailing list script, you cannot look to the software to cover you. There may be registration features which give you control over who is able to post information to the board and how much personal information is disclosed, but you must still take measures to ensure that either your content excludes you from coverage under the law or that you have set up a procedure for acquiring parental permission for the child who makes use of your services.
 Even commercial versions of these kinds of applications will not offer any guarantees of compliance. No software provider can assume that kind of liability. It is the Webmaster's responsibility alone to ensure the Web site is in compliance with the law. So if you are running your own CGI applications now, and you are sure you are collecting information from children that is not protected, you should make some changes, but do not get your hopes up about finding a miracle application. Adding a registration requirement to your services will slightly inconvenience your communities, but the kids might just go elsewhere, since larger, commercial sites already require registration and soon will all require parental verification. And they also have many more goodies than the local Webmaster can provide. The law provides a few conditions where prior parental consent is not required for collecting information, but there are conditions attached (see the links at the end of the article for further details on such provisions).
Mass Appeal Test It is important to know whether your content has "mass appeal", or if it appeals to children. There are already some guidelines available for determining if a Web site is appropriate for children. You can check out the standards published by the Internet Content Rating Service. Their site includes a table that shows what ratings are applied to what content. At the very least, if you can determine that your content is inappropriate for children you can then say so on your Web site (if you feel that would not be harmful to the way your site is perceived). We do not want to put "Adults only" on fan Web sites in most cases. But if you want to exclude your site from compliance with COPPA you will need to ensure it does not look like it is intended for children.
 The "mass appeal" rule is harder to cope with. At Xenite.Org, for example, we do not forbid the use of profanity on our message boards but we strongly discourage it. We insist our discussion communities be civil and polite to one another. That provision was created for purely personal reasons. I wanted flame-free communities. But parents do not mind letting their kids browse our boards in part because we maintain a civil atmosphere. Many other message board communities have similar guidelines, and they are also visited by people of all ages.
 Would Xenite.Org be rated "Kid Safe"? Probably not quite, but we would get a pretty good rating nonetheless. But if we put "Kid Safe" on our Web pages we are all but saying we intend to provide content for children and therefore we need to comply with the law. Up until now it was a great thing to be able to say your site is "Kid Safe". Now you need to think twice. If you do not get the "Kid Safe" rating, where does that leave you? Kids may still come and sign your guest book, sign up for your newsletter, join your message board, and enter your chat area. But if you put "For adults only" on your site, then you are giving a much different and in most cases the wrong impression. We may need a new, neutral content rating.
Checking On Liability If you currently use remotely hosted applications you should review the application providers' terms of service agreements and privacy policies. If these documents have not been updated to show these services are aware of the law, then you should contact the service providers. Try to get some clear idea of who they feel is responsible for complying with the law. If they say THEY and THEY alone are, do not worry about it. If, however, the application providers you are using suggest you may also be liable (because you have access to the private information), then you should consider what you can do to either minimize your obligations under the law or to live up to them.
Children Are Everyone's Responsibility Inevitably, if we as Webmasters, parents, guardians, and employees of businesses which operate commercial Web sites or online services shirk the moral obligation to help ensure this law becomes effective, we will share in the burden of its failure and whatever consequences that failure brings, such as more stringent rules and regulations further down the road. But more importantly, we are leaving it to someone else to protect the children. An ounce of prevention is worth a pound of cure. That is the philosophy behind this law. It may not take much for the majority of us to help ensure the kids' privacy is protected. But we are entering a new era of greater responsibility for everyone, and regardless of whether you feel the law is well-designed, it is here. Let us deal with it as best we can.
For Further Reading For further reading, the following Web sites provide detailed and explicit information on the Children's Online Privacy Protection Act:
How To Comply With The Children's Online Privacy Protection Rule
Children's Online Privacy Protection Act of 1998
Gigalaw.Com: How To Comply With the Children's Online Privacy Protection Rule
Essentially same content as the FTC site, but includes a discussion forum where people can ask questions.
Center for Media Education's COPPA resources
Internet Content Rating Association
Internet Law Journal article on COPPA
Zoog Disney is a trademark of Disney Enterprises, Inc.
Onelist is a trademark of eGroups, Inc.
Ty is a trademark of Ty, Inc.
Michael Martinez is a computer programmer who has been active in SF fandom for several years. He owns the Xenite.Org domain (http://www.xenite.org/), home of 60+ Web sites, including Xena Online Resources, The History of Xena: Warrior Princess, Michael's Kevin Sorbo Review, and Stars for Lucy and Renee. He has also studied the works of J.R.R. Tolkien and has been published in several Tolkien journals.
Favorite episode: HOOVES AND HARLOTS (10/110)
Favorite line: Salmoneus: "Those legs, that leather, those boots -- Xena!" THE BLACK WOLF (11/111)
First episode seen: SINS OF THE PAST (01/101)
Least favorite episode: BACK IN THE BOTTLE (97/507)