FTC Staff Sets Forth Principles For Online Information Collection From Children

In response to a petition from the Center for Media Education, the staff of the Federal Trade Commission today released a letter that outlines several principles that it believes should generally apply to the collection of personally identifiable information from children online. The FTC staff letter concludes that it is a deceptive practice to represent that a Web site is collecting personally identifiable information from a child for a particular purpose, when the information also will be used for another purpose that parents would find material, in the absence of a clear and prominent notice to a parent regarding the practice. Additionally, the FTC staff letter concludes that a Web site that has collected identifiable information about children must obtain parental consent prior to releasing that identifiable information to third parties.

CME requested that the Commission staff investigate the operation of "KidsCom," an Internet Web site for children ages 4 to 15. The KidsCom site includes a variety of activity areas, of which staff’s investigation focused upon two: a survey page, called KidsKash Questions, and an e-mail pen pal program, called Find a Key Pal. At these locations, KidsCom solicited personal information from children, including name, birth date, e-mail and home addresses, and product and activity preferences. CME alleged that KidsCom’s solicitation of this information was done in a deceptive manner, and that KidsCom failed to fully and accurately disclose the purpose for which it collected the information and the uses made of information.

Staff found that certain practices of KidsCom likely were deceptive or unfair in violation of Section 5 of the FTC Act. Nevertheless, the staff recommended that the Commission not take enforcement action, primarily because KidsCom has modified its conduct in a manner that addresses staff’s concerns.

According to the FTC staff letter, in connection with the KidsKash Question portion of the site, KidsCom "represented that the information collection would enable the children to earn premiums, but did not also disclose the marketing uses of this information." (As the letter notes, KidsCom released the information obtained through KidsKash Questions to other companies in an anonymous, aggregate form.) The letter states that it is a "deceptive practice to represent that a Web site is collecting personally identifiable information from a child for a particular purpose (e.g., to earn points to redeem a premium), when the information will also be used for another purpose which parents would find material, in the absence of a clear and prominent disclosure to that effect." The letter notes that survey information presented at the Commission’s June 1997 Privacy Workshop indicates that a majority of parents object to the collection of personally identifiable information from children.

The letter goes on to explain that, "in order to be effective, any disclosure regarding collection and use of children’s information must be made to a parent, given the limited ability of many children within the target audience to comprehend such information. . . . An adequate notice to parents should disclose: who is collecting the information, what information is being collected, its intended uses(s), to whom and in what form it will be disclosed to third parties, and the means by which parents may prevent the retention, use or disclosure of the information."

Staff also evaluated the KidsCom Key Pal program, in which KidsCom made available children’s information it obtained at the site to other registrants to become "key pals." Staff concludes that it would likely be an unfair practice in violation of Section 5 of the Federal Trade Commission Act to collect personally identifiable information (such as name, e-mail address, home address or phone number) from children and sell or otherwise disclose such identifiable information to third parties without providing parents with adequate notice, as described above, and an opportunity to control the collection and use of the information. The staff letter states that: "In such a circumstance, we believe that before releasing individually identifiable data about children, the company should obtain parental consent." The letter notes that information presented at the June 1997 Privacy Workshop demonstrated that the release of children’s personally identifiable information to third parties creates a risk of injury or exploitation of the children so identified.

CME also alleged that the KidsCom site contained deceptive product endorsements by claiming to provide independent and objective information about certain products when, in fact, the products’ manufacturers made donations to KidsCom to obtain the "endorsement." In responding, the staff states: "The passing off of an advertisement as an independent review or endorsement is a deceptive practice under Section 5 of the FTC Act. This is based on the common sense notion that independent product evaluations are material to consumers, i.e., that consumers reading what appears to be an independent review or news report about a product are likely to give it more credence than they would give what they know to be an advertisement."

In recommending that the Commission not take enforcement action at this time, the staff letter describes several modifications KidsCom made to its site. It notes that "KidsCom now sends an e-mail to parents when children register at the site, providing notice of its collection practices. Parents are provided with an option to object to release of information to third parties on an aggregate, anonymous basis. Most importantly, KidsCom does not release personally identifiable information (in the form of Key Pal information) to third parties without prior parental approval. KidsCom currently requires that parents return by facsimile or postal mail a signed authorization." The letter also explains that KidsCom has eliminated its deceptive product endorsements.

Finally, staff’s letter notes that collection of information from children online is wide- spread. Staff will monitor such practices and recommend future enforcement actions as appropriate.

The views expressed in the letter to CME are those of the FTC’s Bureau of Consumer Protection and do not necessarily represent the view of the Commission or any individual Commissioner.

The Commission vote to release the staff letter was 4-1 with Commissioner Mary L. Azcuenaga dissenting.

Copies of the letter, the agenda and Federal Register notice for the June 1997 FTC public workshop on consumer privacy, a December 1996 FTC staff report on consumer privacy, the transcript of a June 1996 Privacy Workshop, and written public comments on the issue are available on the Internet at the FTC’s World Wide Web site at: http://www.ftc.gov (no period). FTC documents also are available from the FTC’s Public Reference Branch, Room 130, 6th Street and Pennsylvania Avenue, N.W., Washington, D.C. 20580; 202-326-2222; TTY for the hearing impaired 1-866-653-4261. To find out the latest news as it is announced, call the FTC’s NewsPhone recording at 202-326-3710.

Toby Levin,
Bureau of Consumer Protection
202-326-3156

(FTC File No. 9623220)