UNITED STATES OF
Bureau of Consumer Protection
July 15, 1997
Kathryn C. Montgomery, President
Re: Petition Requesting Investigation of, and Enforcement Action Against SpectraCom, Inc.
Dear Ms. Montgomery and Mr. Chester:
On May 13, 1996, the Center for Media Education (CME) filed a petition requesting that the Commission investigate and bring a law enforcement action for alleged deceptive practices in the operation of an Internet Web site called KidsCom, then operated by SpectraCom, Inc.(1) The site is now operated by an affiliated entity, The KidsCom Company (hereinafter, both are referred to as KidsCom). Our review of this matter indicates that certain of KidsComs practices likely violated Section 5 of the Federal Trade Commission Act. For several reasons, including the fact that KidsCom has modified its conduct, we have decided not to recommend enforcement action at this time. To provide guidance in this area, however, we are providing our analysis of the practices involved in this Web site, and are setting forth several broad principles we believe apply generally to online information collection from children.
KidsCom is a Web site that describes itself as [a] Communications Playground for kids ages 4 to 15. Children with a computer, a modem, and a Web browser can access KidsCom through the Internet.(2)
At the time of your petition, when children first accessed the KidsCom site, they were required to register by completing the "Who Do You Wanna Be?" survey, which requested them to answer a number of questions about themselves, including their name, sex, birthday, e-mail address, home address, number of family members, and grade.(3) They then had access to the rest of the site, which consisted of a number of connected activity sections including, among others, Find A Key Pal, which matched children for e-mail pen pal correspondence; the Graffiti Wall, a chat room for children; KidsKash Questions, which provided an opportunity to earn KidsKash points used to redeem prizes at the Loot Locker; and New Stuff For Kids, which provided information about various new products. In the "KidsKash Questions" portion of the site, children were asked to provide their full name and e-mail address and to answer questions about their product and activity preferences.
This letter addresses two issues raised by CMEs petition with regard to KidsComs practices. First, the petition alleges that the KidsCom site was used to solicit personal information from children in a deceptive manner. It charges that KidsCom failed to fully and accurately disclose the purpose for which it collected the information and the uses that it made of it. Second, the petition asserts that KidsCom deceptively portrayed KidsCom as independently and objectively endorsing products, when in fact the "endorsements" were essentially disguised advertising.
THE COLLECTION OF PERSONAL INFORMATION
The staff has conducted an investigation of KidsComs collection and use of childrens personal information through the KidsCom Web site,(4) and concluded that certain of KidsComs information practices may have violated Section 5 of the Federal Trade Commission Act.
The "KidsKash Questions" area of the Web site awarded "KidsKash" to children who answer surveys containing detailed questions regarding, among other things, their preferences with respect to specific products. These surveys were optional. Information collected from some of these surveys was provided to private companies on an aggregate, anonymous basis.(5)
As you know, Section 5 of the Federal Trade Commission Act ("FTC Act"), 15 U.S.C. 45, prohibits unfair and deceptive practices that are in or affecting commerce. A representation, omission or practice is deceptive if it is likely to mislead reasonable consumers in a material fashion.(6) When KidsCom collected information at the KidsKash Questions area, it represented that the information collection would enable the children to earn premiums, but did not also disclose the marketing uses of this information. It is a deceptive practice to represent that a Web site is collecting personally identifiable information from a child for a particular purpose (e.g., to earn points to redeem a premium), when the information will also be used for another purpose which parents would find material,(7) in the absence of a clear and prominent disclosure to that effect.(8)
Moreover, in order to be effective, any disclosure regarding collection and use of childrens personally identifiable information must be made to a parent, given the limited ability of many children within the target audience to comprehend such information. While the KidsCom site, from time to time, did feature notices advising children to seek parental consent before participating in KidsCom or completing surveys, we agree with petitioner that these disclosures were inadequate to notify children or parents that the personally identifiable information solicited was intended for marketing research purposes.
An adequate notice to parents should disclose: who is collecting the personally identifiable information, what information is being collected, its intended use(s), to whom and in what form it will be disclosed to third parties, and the means by which parents may prevent the retention, use or disclosure of the information.(9)
On the KidsCom site, the "Who Do You Wanna Be? registration survey asked questions about childrens preferences and was mandatory for gaining access to most other portions of the site. Some of the information collected at this area of the site was used in the sites Key Pal (online pen pal) program, if the child wanted to participate in that activity. Thus, a childs first name, age, e-mail address and areas of interest were made available to other registrants, in order that they could become "key pals."(10)
A practice is unfair under Section 5 if it causes, or is likely to cause, substantial injury to consumers which is not reasonably avoidable and is not outweighed by countervailing benefits to consumers or competition.(11) We believe that it would likely be an unfair practice in violation of Section 5 to collect personally identifiable information, such as name, e-mail address, home address or phone number, from children and sell or otherwise disclose such identifiable information to third parties without providing parents with adequate notice, as described above, and an opportunity to control the collection and use of the information. As we learned at the recent Privacy Workshop, the release of childrens personally identifiable information to third parties creates a risk of injury or exploitation of the children so identified.(12) The release of childrens information through the KidsCom Key Pal program, without providing parents with adequate notice and an opportunity to control the information, raised just such risks. For example, it is possible that an adult posing as a child could have used the Key Pal program to contact a child directly. In such a circumstance, we believe that before releasing individually identifiable data about children, the company should obtain parental consent.
CMEs petition also alleges that the "New Stuff for Kids" section of KidsCom contained deceptive product endorsements. In that section, KidsCom posted information about various products along with the following statement:
The petition asserts that KidsCom represented that the information contained in New Stuff for Kids constituted an independent and objective endorsement of the featured products. In fact, according to the petition, KidsCom solicited new product press releases from manufacturers for this section, and required manufacturers to donate products valuing at least $1,000 to obtain the "endorsement." It appears that the donated products may have been used as prizes purchased by children with the KidsKash they earned.
The passing off of an advertisement as an independent review or endorsement is a deceptive practice under Section 5 of the FTC Act. This is based on the common sense notion that independent product evaluations are material to consumers, i.e., that consumers reading what appears to be an independent review or news report about a product are likely to give it more credence than they would give what they know to be an advertisement.(13) KidsComs practice of portraying the product information in the New Stuff for Kids section as stemming from an independent appraisal, and its failure to clearly and conspicuously disclose in a manner understandable to children that the information was solicited from the manufacturers and printed in exchange for in-kind payment, was likely to mislead reasonable consumers.
Notwithstanding our belief that the practices identified above likely violated Section 5, we are not recommending that the Commission take enforcement action at this time. This decision is based on several factors.
First, KidsCom has modified its Web site in significant respects. KidsCom now sends an e-mail to parents when children register at the site, providing notice of its collection practices. Parents are provided with the option to object to release of information to third parties on an aggregate, anonymous basis. Most importantly, KidsCom does not release personally identifiable information (in the form of Key Pal information) to third parties without prior parental approval. KidsCom currently requires that parents return by facsimile or postal mail a signed authorization. KidsCom also now discloses to the site visitor the purposes for which it is collecting the information. With regard to the deceptive endorsements, KidsCom has eliminated the statement quoted in the previous section regarding the product evaluations and expressly states (when this is the fact) that the products descriptions are obtained from the manufacturer. Additionally, KidsCom has introduced The Ad Bug, a cartoon icon, which together with other textual material is designed to identify the presence of advertising in the New Stuff for Kids section and other site locations.
Second, there is no evidence that KidsCom at any time released any personally identifiable information to third parties for commercial marketing or any other purposes (other than for the Key Pal program). Such practices would have been of particular concern in light of the absence of adequate disclosure and prior parental consent.
Third, the collection of information from children on the Internet is widespread.(14) Thus, the legal principles implicated here have broader application to other marketers. In light of the rapidly growing technological development and commercial expansion on the Internet, we believe that it is appropriate to issue this letter to provide notice of our interpretation of the relevant legal standard.
In light of the foregoing, the staff has determined not to recommend that the Commission initiate a law enforcement action against KidsCom at this time. We will continue to monitor KidsCom, as well as other commercial Web site operators, to ascertain whether they may be engaged in deceptive or unfair practices. Hereafter, staff may recommend law enforcement proceedings against marketers who engage in deceptive information practices, or who unfairly use personally identifiable information collected from children.
We encourage your continued participation in developing the issues and solutions to protecting privacy online. Petitions from groups such as yours are a helpful means of reviewing possible unfair or deceptive practices, and we hope you will continue to bring to our attention any advertising or marketing campaign that you believe may violate the FTC Act.
(1)CME has submitted several reports and letters to the Commission on this and related subjects. On March 28, 1996, CME submitted its report, "The Web of Deception," outlining concerns regarding online practices targeted to children and asking for an investigation of site practices and implementation of certain principles. On June 5, 1996, in conjunction with the Consumer Federation of America, CME submitted proposed guidelines for online practices. This submission was supplemented on June 19, 1996. On November 25, 1996, and again on June 12, 1997, CME provided additional examples of online collection practices that it considers to be unfair or deceptive.
This letter is responsive to CMEs submissions insofar as they raised concerns regarding information collection and endorsement practices at the KidsCom site. CMEs requests for issuance of principles or guidelines remain under consideration. With regard to CMEs request for action against other sites in connection with information collection practices, staff will reevaluate the practices of those sites after the issuance of this letter, in light of the principles set forth herein. CMEs request for Commission action to address issues of commercialization on childrens sites will be addressed separately.
The views expressed herein are those of the Bureau of Consumer Protection and do not necessarily represent the view of the Commission or any individual Commissioner.
(3)The "grade" choices include "kindergarten." Petition at 6.
(4)In connection with the Bureau of Consumer Protections Internet Privacy Initiative, Commission staff also has conducted public workshops evaluating privacy on the Internet. This initiative began with the Bureaus April 1995 public workshop on Consumer Privacy and the Global Information Infrastructure, which explored consumer issues arising from new technologies such as the Internet. In June 1996, the Bureau held a public workshop specifically designed to evaluate privacy, including childrens privacy, on the Internet. See, Staff Report: Public Workshop on Consumer Privacy on the Global Information Infrastructure, December 1996. Finally, in June 1997, the Bureau conducted a follow-up workshop on Internet privacy issues, including consideration of the privacy issues posed by the computer databases known as look-up services; evaluation of the status of technological and self-regulatory responses designed to address online privacy; and examination of online collection practices as they pertain to childrens information, including examination of mechanisms for implementing information principles such as notice and parental consent.
(5)A SpectraCom marketing brochure stated: "When it comes to childrens attitudes and opinions, KidsCom can provide answers. If youre introducing a new product or need to gauge reaction to a concept or service, KidsCom offers a fast, efficient way to conduct your research."
(6)Federal Trade Commission Policy Statement on Deception, appended to, Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).
(7)For example, survey evidence introduced at the June Privacy Workshop indicates: 64% of parents say it is not acceptable to ask children to provide their e-mail names to gather statistics on how many children visit a site and what they do at the site; 56% say it is not acceptable to ask children to provide their e-mail name along with their interests and activities in order to gather information on product improvement; 72% say it is not acceptable to ask children to provide their real names and addresses when they purchase products or register to use a site and use this information only within that company; and 97% say it is not acceptable to ask children to provide their real names and addresses when they purchase products or register to use a site and rent or sell those names to other companies. "Commerce, Communication and Privacy Online," Louis Harris/Alan F. Westin Survey, Privacy & American Business, 1997.
(8)See, e.g., Beneficial Corp., 86 F.T.C. 119 (1975), affd in part and revd in part on other grounds, 542 F.2d 611 (3d Cir. 1976), cert. denied, 430 U.S. 983 (1977) (deceptive to fail to disclose to consumers that information they provided to tax preparer would be used to solicit loans); Equifax, Inc., 96 F.T.C. 844 (1980), revd on other grounds, 678 F.2d 1047 (11th Cir. 1982) (deceptive to represent, inaccurately, that medical information would be released only to insurance companies); H&R Block, Inc., 80 F.T.C. 304 (1972) (consent), modified, 100 F.T.C. 523 (1982) (deceptive for tax preparer to fail to disclose use of tax information for purposes other than tax preparation).
(9)In response to CMEs complaint, staff also reviewed whether KidsCom engaged in deceptive or unfair practices in connection with the Graffiti Wall, tracking technologies, or micro targeting. With regard to the Graffiti Wall, it appears that KidsCom discourages children from placing individually identifiable information, such as full names or e-mail addresses, on the Graffiti Wall; clears the log of information placed on the Wall twice each day; does not use the Wall, or information placed on the Wall, for marketing research; and uses information obtained from the Graffiti Wall only as needed to address violations of its rules for participating there (such as swearing).
Tracking technologies, such as click stream data and cookies, permit a site to record the details of a childs site activities. KidsCom does not have or utilize cookies. Additionally, KidsCom does not use click stream technology that permits it to keep a log of the progress of a specific computer as its user progresses through the site. KidsCom becomes aware that a particular child has visited a specific site page only when an already-registered child inputs his or her name to claim KidsKash points for participating in an activity there. This information is not tied to click stream data, not turned over to third parties and is not used for marketing research purposes.
Finally, CME has requested that the Commission evaluate online "micro targeting," which it describes as the development of an advertising pitch specifically tailored to an individual child, based upon information obtained from data collection techniques. Staffs investigation reveals that KidsCom does not engage in such practices.
(10) With this exception, it appears that information collected through the registration form was not released to third parties, in either individually identifiable or aggregate format.
(11)15 U.S.C. 45 (n).
(12)Of particular concern would be uses of information that create the possibility of access by child predators. Department of Justice and Federal Bureau of Investigation representatives speaking at the June 1997 Privacy Workshop (see n. 4) confirmed that publication on the Internet of childrens personally identifying information can make them subject to approach by predators. Moreover, it appears that use of computer telecommunications is rapidly becoming one of the most prevalent techniques by which pedophiles identify and recruit children for sexually illicit relationships. See also Statement of Louis J. Freeh before the Senate Appropriations Committee, Subcommittee on the Departments of Commerce, Justice and State, the Judiciary, and Related Agencies, April 8, 1997.
(13)See, e.g., Georgetown Publishing House, C-3673 (November 22, 1996) (consent order) (challenging as deceptive an advertisement mailed to consumers that looked like an independent book review that had been ripped out of a publication and mailed to them by an acquaintance); National Dietary Research, Inc., D-9263 (November 7, 1995) (consent order) (alleging deceptive format in advertisements that looked like newspaper articles); JS&A Group, Inc., 111 F.T.C. 522 (1989) (consent order) (challenging format of infomercial that appeared to be independent television show evaluating sunglasses); Commission Advisory Opinion No. 191, 73 F.T.C. 1307 (1968) (stating opinion that a newspaper ad mimicking the format of a restaurant review was deceptive). See also Nutri/System, Inc., 116 F.T.C. 1408 (1993) (consent order) (advertisements cited evaluation and rating of diet programs that appeared in an article in Healthline magazine, implying that the advertiser had no material connection with the publication of the ratings, when in fact the advertiser paid a sponsorship fee to the magazine and received and exercised a right of prior review of the article). Historically, maintaining a clear distinction between advertising and editorial content is even more important when dealing with children than with adults, because children have difficulty distinguishing program content from commercial matter. See Broadcast and Cable Services; Childrens Television Programming, 56 Fed. Reg. 19611, 19615 (1991).
(14)See Staff Report, Public Workshop on Consumer Privacy on the Global Information Infrastructure, December 1996, Appendix E.