June 11, 1999

 I am writing to comment on the proposed Children’s Online Privacy Protection Act. As a private citizen and the mother of a four-year old child in a computer savvy household, I enjoy the current benefits provided to us on the Internet and look forward to the future. My son is already using Internet websites in conjunction with television programs such as those associated with Disney or Nickelodeon and occasionally with specific toys or brands such as Legos.

While I will investigate available children’s software filters as my child gets older, in general I feel strongly that learning to use the Internet is an important area of parental participation and that the greatest burden is on the parent to guide his or her children in proper usage and navigation. In much the same way that I teach my son traffic rules, not to talk to strangers, not to give out personal information, and not to open the door to people he doesn’t know, I will be teaching him the ground rules for Internet use. This will include what kind of information he may reveal about himself, his address, his school and home, family, and finances and how he should handle friendships online and whether he will ever meet them, etc.

Before specifically addressing some of the Rule’s sections, I would like to offer some suggestions about ways in which businesses can get parental consent. I see a difference between a web site getting information for it’s own site and it selling it to third parties for other uses. I want giving consent to be as fast and easy as possible because my child and I both enjoy spontaneous Internet interaction. Additionally, I don’t want burdensome regulations to discourage businesses from catering to children. I do not favor having to send in a consent form by mail. This would be a great inconvenience for us as we do most of our tasks (bill paying, correspondence, etc.) by computer. I would not mind calling a toll-free number, but realize that this would be a great expense to some companies and I don’t want to discourage useful, educational websites which might not be able to afford the cost involved. I do look forward to a day when technology can provide a reliable "digital signature." Until then, I think that regular e-mail should be acceptable.

As a parent, I would appreciate being able to give my initial permission to a kid-friendly search engine. This search engine could allow my child to give information to any of the participants in its searches if they comply with FTC stated or endorsed guidelines. This would provide me with a good comfort level in letting my child stay in that particular search engine (and links it generates within a closed environment) and perhaps I would use it as a homepage. Even now when my child watches television there are certain channels, PBS or Nickelodeon for instance that I have confidence in concerning their programming and others which I do not. If a search engine earns my trust then I will extend that trust to the businesses or sites which have agreed to operate by its privacy principles.

Our household shops and orders many items from the Internet. When I order a toy or book from a site, I would welcome them asking if my child can have permission to visit their children’s area. I could then determine what level of trust I have in that company and would be able to make the decision. Perhaps, I would be allowing them to "drop a cookie" on my computer. Then, later when my child goes to that site they already have my permission. I would expect to be notified by the website if it materially changes it’s privacy policy.

The FTC should distinguish between different types of information collection and make different requirements based on the risk they present. For example, if a child wants to interact with a site in a manner that would benefit him or his family or foster communication among the child and his family, this should invoke a lower burden on the website operator. A creative child may want to create something through a website and send it to a family member, or a child may want to identify products he hopes a family member will purchase for him. If the web site collects a minimal amount of personal information from a child for these types of activities and does not share the information with anyone other than those a child may specify, then I would say this should require minimal government regulation.

In general, unless a site is looking for more personal information than the child’s e-mail address, parental notice in most cases should be sufficient as opposed to advance verifiable parental consent.

Concerning Notice in Section 312.3(b) I will note that I particularly like the manner in which Yahooligans.com places its notice of privacy and would like to see more sites following its example. I also appreciate the intent of Section 312.4(b)(2)(iv) which requires an operator to state whether the third parties to whom it discloses personal information have agreed to maintain the confidentiality, etc. of that information. I would be very interested in reading detailed information about the third parties’ information practices.

I would like to add to one definition listed in Section 312.2 regarding personal information. For personal safety reasons, I would add to the identifiable information list the name of the child’s school. This has the potential to be very sensitive information and should not be collected without a parent’s consent.

I applaud the government’s efforts to make the Internet a safe, friendly environment for children, but hope that in our attempts to make it safe, we don’t discourage creative, personalized, entrepreneurial efforts with excessive costly regulation. You should take some comfort in knowing that many of us will be holding our children’s hands as they cross the Information Super Highway.

Respectfully submitted,

Alison J. Richards
AJR2000@IBM.net