COPPA doesn't seem that unreasonable. Protecting children from information disclosure while they're under the age of 13 seems very appropriate to me. Once kids are 13, they can begin to disclose at their own discretion, but before that, I can see the case for protecting them.
Of course COPPA doesn't seem unreasonable, and that's why it continues to exist. However, it is a lesson in unintended consequences: Rather than protecting children, COPPA has the effect of banning them from the internet. The subsequent effect of teaching children to lie and exploit the system is just icing on the proverbial cake.
Laws must not be judged on their intentions, but on their practical consequences. The only difference between the current world and a world without COPPA is that in this world, honest kids are prevented from having the same fun that their lying friends are having.
They aren't banned from the internet. They're banned from disclosing personal information (e.g. social networking) without parental consent, which at their age is probably not a bad thing. Wikipedia, Google and the rest of the internet are all fair game. So is any site that goes through with the parental consent part. Sites that do not tailor to kids typically do not go through the hassle because under-13 also means they aren't going to spend any money.
The practical result is that kids are banned from nearly any site that could conceivably discover their age - presumably even by commenting in a forum or on a blog entry.
Actually, nix that. The practical result is that kids are taught to lie about their age. Fortunately this skill will come in handy when it's time to get a fake ID and buy booze.
No, that's not the practical result. You don't run afoul of COPPA by just knowing someone's age; you get into trouble when you knowingly collect the personal information of children under 13 without their parent's permission.
Honestly, I would think this crowd would be more disappointed that "banned from nearly any site" has become synonymous with "unwilling to submit all your personally identifiable information."
Practical - "I do not think that word means what you think it means." COPPA has not forced Facebook, Google, etc to ask parents' permission. The practical result is that COPPA bans kids from these services.
BTW, your website is likely already collecting personal information, including name, email address, and web pages visited. And yes, as soon as you subsequently find out that someone is under 13, you're in trouble.
Is protecting children's privacy orthogonal or even conflicting with protecting children?
Because you make it sound like that.
UPD: Let me show you an example: Pretend we're talking about some law and you're arguing it's not designed to protect me, but to protect my body.
My first thought: the hell are you going to do with my body?
Because, my body is what makes me me. If you protect it but not me perhaps you're going to sell my organs away.
By your analogy, COPPA would be the law that prevents people from collecting and selling children's organs. Because kids are gullible and and it's easy to convince them out of a kidney or two.
Except replace "organs" with "personally identifiable information companies want in order to market shit to you."
The problem with this sort of forced "protection" is that it ruins my social life. That's what happens to children actually. Or I am forced to shrug off your "protection" (entering into the legal grey zone), that's what happens too.
Does this mean if you don't ask for a birthdate on your service, you're safe, or are you required to ask for birthdate and reject anything that comes in under 13?
An easy fix for this: dynamically populate the date drop-downs so you can only select (today - 13 years)
You don't have to ask for a user's age if your site is intended for a "general audience". You'll still need to purge information from users who are discovered to be under 13.
"""
40. I operate a general audience site and do not ask visitors to reveal their ages. I do have a button that users can click to send feedback, comments, or questions by email. What are my responsibilities if I get an email that says, “Hi, I am Steve, age 10, and I really like your site. When do you think you will add some more games?”
Under the Rule’s one-time contact exception, 16 C.F.R. § 312.5(c)(2), you may reply to the child once without sending notice to the parent or obtaining parental consent, if you do not re-contact the child, and you delete the child’s personal information, including email address, from your records after responding to the email.
"""
Legal Corollary of 40: If you send spoofed email to a site operator claiming to be under 13, you could legally force them to delete another user's account.
The sad thing is I think Path responded far better than most others, and they've received a heavy-handed response relative to the abuses of so many others.
They were transparent, admitted their mistake, and corrected it. What's the lesson here? Bury your mistakes and avoid the PR headache and financial penalties?
What "Children protection" means really is "we want to shelve children in a dark dry place until they reach age".
The problem with that kind of thinking is that it will yield toddlers of age. Able-bodied but socially infantile.
The solution to that problem is that those rules are largely ignored by everyone. But this creates the dangerous law relativity where you have these laws but know they're never applied to you. And when they suddently are applied you are in a deep trouble.
No, I assume it's intended to protect the privacy of children.
Seriously, go read it (http://www.coppa.org/coppa.htm). You're getting your jimmies rustled under the pretense that COPPA has anything to do with protecting children from the "evils" of the Internet.
But here's the distinction: the "protection of privacy" is not a subset of the "protection of children."
You're throwing COPPA into the same bucket as every other misguided attempt to shelter children from the boogeymen of the Internet. That's not its intent; you're misinterpreting it.
I judge it on the merit exclusively; that's what you should do with any laws.
By its results. And the results are not pretty: we are now growing a generation of liars who learned to lie by default, as a pre-requisite to everything.
This is old and tired, especially when you throw in emotionally charged phrases like "prey on". Does Facebook prey on its users? Around a billion people don't think so.
Facebook does not allow pre-teens on their site precisely because of this law. I do not think that's a bad thing. The law is not perfect, but it is intended to be a tool to stop people from exploiting kids 12 and under. The exploitation isn't necessarily from the site operator, but other users. If Facebook had a bunch of 11 year olds (and now with Graph Search it would be easy to find 11 year olds near you) the main concern would not be that Facebook would somehow take advantage, but that other people on Facebook would.
These same kids cannot go to a PG-13 rated movie without an adult either, I don't find this especially onerous.
With all due respect, that's between a parent and their child. At the very least, the name COPPA is disingenuous and misleading - I'm pretty sure if it was called the Ban Kids From Facebook law, it would not have the same level of public support.
Also, the MPAA rating system is not a legal requirement. AFAIK, there is no law which prevents 13 year olds from watching PG-13 movies, either in theaters or at home: http://www.theclyde.net/TheClyde_Ratings.htm
"As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13."
The gist of COPPA is that you can't collect information about people under 13, without the express consent from a parent. So it's not completely against the law to have 13yo on a social network, it's just common for sites to just refuse kids altogether, mostly out of convenience.
And therefore every kid out there learns that 1) adults are stupid and coward and, 2) you should lie to them all the time, before reaching the age of 13.
This is exactly what happens. I know several 10- and 11- year olds (my gf's sister is 23 years younger) and they all lie about their age to use Facebook and Google - with the knowledge and consent of their parents/guardians.
> with the knowledge and consent of their parents/guardians.
Not coincidently that's all COPPA requires. You can run web services tailored to the under-13 set, you just need to collect parental approval for your young users. Facebook and Google don't bother with it because it's a hassle.
This is not quite correct. It requires provable consent from parents, such as a written letter. It's not surprising that online services do not go through this process.
Again, the actual effect of the law is not what's written in it. The actual effect is that internet companies (like my startup) simply ban the under-13 set. And we just register people for bicycle races!
What mentality would these children acquire? Will it be "play the game" or "fuck the system"? Will they lie, make other people lie, make everyone act as if they're honest; or would they break this grandiose lie into a million thawing bits?
Mostly "this is stupid and I'm going to sign up anyways". My daughter created her own fake Facebook accounts twice before she was 10 and has had one we allowed since she was 11. She original did it to play Farmville and the other Facebook games all her friends were playing.
She also got her GMail account locked out after Google+ launched when she innocently entered her actual date-of-birth when they prompted for it one day. This is the email account that all of her teachers expect her to have - just like all of her fellow students have.
I'm all for protecting kids' privacy, but there should be a parental override available to allow under-13 users onto services.
