| Children’s Online Privacy Protection Rule--Comment, P994504 Secretary June 11, 1999 Ladies and Gentlemen: beenz.com inc. ("beenz.com") is submitting this comment to the Notice of Proposed Rulemaking to implement the Children's Online Privacy Protection Act of 1998 (the "Rule"). We are submitting a faxed signature page. The original, signed copy will be submitted as soon as practicable. Company Profile: beenz.com is a private company which has created units of credit and barter for internet transactions and exchanges called "beenz3 ". Individuals who set up an account with beenz.com gather beenz3 on the websites of certain internet vendors by clicking on beenz3 icons and performing specific tasks. The beenz.com website provides links to the websites of internet vendors who have placed beenz3 icons on their websites. The customer then can trade the beenz3 for credit against purchases of items from these vendors and can receive items in exchange for a certain number of beenz3 . beenz.com tracks individual beenz3 from the time of their placement on the vendors' websites to the time that they are traded in by a customer for goods, services or information. beenz.com collects certain information about that customer in order to track and credit the beenz3 collected and traded. beenz.com places the utmost value on the privacy of the information submitted to it by its customers. In order for a customer to open an account, beenz.com requires that the customer create a password and disclose a name, an email account and, for the protection of the privacy of children as described below, his or her birth date. The customer is also asked voluntarily to disclose gender information, but is explicitly told that such information is not required to open an account. No personally identifying information provided by customers is released to third parties unless the customer explicitly has agreed to allow such a disclosure. Customers applying for an account are provided with a link to the beenz.com privacy policy and are encouraged to read it before completing their application. Each page on the website also contains, at the bottom, an active link to the privacy policy. A copy of the privacy statement as it appears on the website is attached hereto as Exhibit A. Comment Summary: Section I, Question 3 of the Rule seeks comment on the definition of "operator" as set forth in Section 312.2 of the Rule, and whether the definition is sufficiently clear to provide notice as to who is covered by the Rule. The beenz.com website is not directed at children, and beenz.com prohibits children under the age of thirteen from establishing an account. beenz.com asks customers for their birth date in order to ensure that such children do not receive accounts. beenz.com's policy regarding children is displayed in bold at the top of the privacy policy, and again above the space in which customers enter their name and email to set up an account. beenz.com believes that it has made very significant efforts to safeguard the privacy of children. It submits this comment to the Rule to clarify that a website such as beenz.com, that is not directed at children and forbids children from using its services, should not be subject to certain of the particular requirements that the rule would impose on those websites that do target children or have actual knowledge that they are collecting information from a child, and should not be required, in addition to the other steps it may voluntarily take, to post a link to a notice of information practices with regard to children on the home page, in a location not requiring the website visitor to scroll down to see it, and on each place on the website where personal information could be collected. Analysis: As defined in the Rule, the meaning of "operator" contains an ambiguity regarding this issue. Pursuant to the "General Requirements" of Section 312.3, the Rule clearly is intended to apply only to an "operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child." This articulation of the scope of operators covered by the Rule comports with Section 1303(a)(1) of the Children’s Online Privacy Protection Act of 1998 ("The Act"), entitled "Acts Prohibited--In General." This Section states that "[i]t is unlawful for an operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed under subsection (b)." In addition, Section 1303(b)(1) mandates the promulgation of regulations by the Commission regarding notices and parental consent covering such operators only. Any website or online service that is not directed to children and does not collect personal information from children, therefore, should not be required to comply, at the least, with the notice or consent provisions of the Act and the proposed Rule. Under Section 312.3 as proposed, however, subsections (a)-(e) apply broadly to "operator[s]" rather than only to the specific subset of those operators of websites and online services directed at children, or those with actual knowledge that personal information is being collected from a child. Furthermore, Section 312.4 similarly requires that "[a]n operator" must post a link to a notice of its information practices with regard to children. Since many provisions of the Rule do not specifically designate a subset of which websites and online services are subject to the provisions, the Rule is not sufficiently clear as to who is covered. In order to remedy the ambiguity and clarify those operators intended to be subject to the Rule, we propose implementing one or all of the following solutions:
Thank you very much for your time and consideration with respect to this matter. We look forward to continuing to participate in the process of crafting the framework for effective childrens' privacy regulations on the internet. Sincerely, Sean P. Lane EXHIBIT A BEENZ.COM PRIVACY POLICY Our Privacy Policy & Practices IMPORTANT NOTICE FOR PARENTS AND CHILDREN It is the policy of beenz.com not to establish accounts for or collect information from children who are under the age of thirteen. The beenz.com website is not intended to be directed to or targeted at children under the age of thirteen. Your privacy matters to us beenz.com will NOT release to any third party any personally-identifying information (for example, your name and e-mail address) without your express prior permission. This means that we assume you do not want your e-mail address or name given out unless you say so in the registration process or afterwards. You can opt in or out at any time If you have given us such permission at any point in the past, for example at registration, you can change your mind at any time and amend your personal profile in an on-line form accessible from your mybeenz account statement. Access to your account is password protected Access to your personal account on-line is password protected. We use cookies to identify you when you log in to view your statement. These cookies are only used to ensure that access to account or profile information pages and services is only possible when you have correctly logged in EACH TIME you visit us. The cookies do not persist (i.e. are not stored) once you log-out or leave this Web site. We will NEVER divulge your account password to any person. In the event that your password has been mislaid, you may generate an on-line request to have the password sent to you by e-mail at the address used in registration. What information we need to collect beenz.com collects the minimum information from you in order to set up a personal beenz account - your e-mail address and name, as well as your choice of password. This information is necessary for you to access the beenz transaction system via. participating Web sites. For example, your e-mail address is used to enable you to identify yourself to us in a beenz transaction Java applet so that we know who to give the beenz to. beenz.com also collects and stores a complete record of all beenz transactions as part of the operation of the beenz program. The complete extent of this information is always available to you on demand in your mybeenz statement at beenz.com upon entry of the correct password. We may also request other, optional, information We may from time to time also request additional information from you, such as age, gender, and other personal information. Whenever we do so, such information collection will always be voluntary, and refusal or acceptance will not affect your ability to collect and spend beenz. We will also state clearly the purpose for which the information is being collected. We may also combine this information with information we acquire from other sources It may be possible for us to combine the information we have collected about you with information provided to us about you by our partners. For example, a Web site which you subscribe to may be able to provide us with further information about your interests. This may allow us to offer you a more personalised service as a consequence. We promise to inform you if this ever takes place, along with the reason for doing so and the source of the information we were provided with. How we store information Information is stored centrally at a physically and electronically secure data centre. Direct access to this database is highly restricted to authorised beenz.com staff and their appointed agents. beenz.com has taken every reasonable step to ensure that your information is held securely at all times and that access to it is closely monitored for possible intrusion. What else we may do with the information we gather We may, from time to time, perform analyses or allow others to perform analyses on all or part of the beenz transaction data held by us on all or some of our personal account holders and traders. The information we divulge to enable this analysis will not include your personally identifying information if you have not consented to this information being divulged. The sort of information provided in this situation could include, for example, a record of the number of people who have accepted an offer of beenz from a particular Web site - but without any reference to the individuals concerned. The purpose of these analyses will be to enhance our knowledge of the use of the beenz program by users, to identify patterns and profile demographics, and other information which may be of value to us or our partners for marketing, service development or business management reasons. Privacy at other Web sites trading beenz When you take up a beenz offer or spend beenz at a participating Web site, you may be required to enter your email address and, in the case of spending beenz, your account password into a beenz.com Java applet. Whenever you use the beenz applet to enable a beenz transaction, even though you are visiting a Web site operated independently of beenz.com, the information you enter relating to your beenz account is ONLY passed to beenz.com, and not to the web site owner, as part of the transaction being carried out. This means that you can receive beenz and spend beenz at a web site in the knowledge that your identity has been shielded from them. You may find that Web sites offer to reward you in beenz for giving them personal information, such as your email address, name, and other personal profile information in exchange for beenz. You are free to accept or refuse such an offer. Such actions are entirely between you and the Web site you are visiting. The information you give to any Web site in exchange for beenz is not stored, received, requested and may not even be available to us. This information may include, for example, your credit card information used in a purchase from a third party Web site. beenz.com is not responsible for the accuracy, truth, or reliability of any product, information, opinions, representations, warranties, advice or other material provided by any Web site participating in the beenz program. Your responsibilities beenz.com cannot ensure your privacy if you do not do so yourself. Don’t divulge your beenz account password to any third party. You will not be asked for it by anyone connected to, or unconnected to, beenz.com and it’s partner companies. If you are suspicious of any request for information, please contact us immediately at privacy@beenz.com. beenz.com cannot be held responsible for any activity in your account which results from your failure to keep your own password secure. Questions? If you have any questions concerning our privacy policy or practices, please contact us directly by email on privacy@beenz.com. |