Mobile Edition
Print
Get the Mag
Weekly UpdatesI. INTRODUCTION
Statistics reveal that approximately sixty-four million adults in the United States use the Internet.(1) Studies also indicate that nearly two-thirds of children have used the Internet.(2) In addition to being a valuable tool to those who use it, the Internet has created unique concerns for users, Internet providers, and lawmakers. Protecting a user's privacy while online is one such concern. A practice that implicates this concern is the collection, storage, and sale of an online user's personal information without that user's knowledge or consent. Such a practice is commonplace in the Internet world. A Federal Trade Commission (FTC) investigation of 1402 Web sites in 1998 revealed that ninety-two percent of those Web sites collected personal information from their users, yet only a fraction notified the user on how that information would be used.(3) The relative ease with which Web sites collect personal information from online users is disconcerting. In fact, the Internet is said to have the "capacity to be the most effective data-collector in existence."(4) The practice of collecting and releasing or selling an online user's information becomes particularly troublesome when the user is not an adult but rather a child. Unfortunately, studies indicate that the solicitation of a child's personal information is dangerously common.(5)
Given that children are signing onto the World Wide Web (Web) in increasing numbers, how to protect a child's privacy online is at the forefront of the "privacy" discussion. As a result, both the Internet industry and lawmakers focused their recent efforts to curb the widespread practice. The Internet industry has made conscious efforts aimed at protecting a child's privacy online.(6) These efforts include requiring that Web site operators post a privacy policy. Recently, big players in the Internet industry have created an informational Web site to alert parents about the dangers of their children roaming the Internet without supervision.(7) In November 1998, Congress enacted: the Child Online Privacy Protection Act (COPPA), which governs online: information collection from children under thirteen years of age.(8) Pursuant to COPPA, the FTC issued a rule implementing the requirements of the legislation.(9) The rule will become effective in April 2000.(10) In addition to legislation and industry efforts, technological tools are currently available that block the transfer of personally identifiable information from the user to the computer.
Attempts to address the matter of a child's privacy online raise the question: Who is in the best position to properly and effectively protect a child's privacy online? This Note attempts to answer this question. Part II discusses the privacy concerns raised by both adults and children online. Part III discusses the recently enacted COPPA and the FTC's Rule implementing the legislation and whether such legislation will prove effective in protecting children online. Part IV discusses the role of the Internet industry in protecting children online and the value of technological tools available to protect against the unwanted solicitation of a child's personal information. After concluding that neither the government nor the Internet industry are in a sound position to secure children's privacy online, Part V proposes the necessary element to ensure that children can enjoy the benefits of the Internet safely.
II. PRIVACY CONCERNS
A. Information Collection
The Internet is unique among other communications mediums in the "variety and depth of personal information generated by its use."(11) The majority of personal information collected online is gathered by Web sites in one of two ways. First, a Web sites collect the user's personal information without the user's knowledge.(12) A user browsing the Web provides the Web site with certain personal information each time that person visits a site.(13) By leaving am "electronic marker" at each site or page that they visit, the user unknowingly provides information to the Web site that can be stored and reused.(14) Unbeknownst to the user, a Web site can then "`know' [a] users' e-mail addresses, the names of their browsers, the type of computer they are using, and the universal resource locator (URL), or Internet address, of the site from which they linked to the current site."(15)
Second, sometimes a user voluntarily discloses personal information to a Web site. For example, various Web sites require users to register in order to gain access or provide certain information in order to complete a purchase.(16) Web site may also provide incentives to the user to provide personal reformation.(17) Many users provide this information rather freely.(18) A survey conducted by Dr. Alan F. Westin revealed that 92% of online users were "concerned" and 67% of online users were "very concerned" about the possible misuse of their personal information online.(19) Despite express concerns, however, surveys reveal that users do not refuse to provide personal information to requesting Web sites and rarely do they provide false information. For example, a study conducted by the Boston Consulting Group revealed that only 42% of online consumers refuse to provide information to requesting Web sites and only 27% provide false information to those sites.(20)
There are other ways to track a user's online activities. New methods demonstrate the ease with which technology can be used to facilitate the collection of personal information. In 1999, Intel released its new Pentium chip labeled with a unique identifying number that could be used to track an online user's activity.(21) Additionally, it was discovered that certain Microsoft operating systems attached the computer's serial number to documents or spreadsheets created by the user.(22)
The dangers and concerns do not arise with the mere collection of personal information. Instead, the concerns surround how this information is later used. Information, whether it is collected by the voluntary of unknowing online user, is often resold to marketers,(23) accessible to public online users,(24) or stored by Web sites for future use or sale.(25) The majority of online participants are unaware of these practices. A survey revealed that eighty-one percent of consumers "believe [that] [W]eb sites do not have the right to resell information about them to third parties."(26) What online users do not recognize is the value of their personal information to online marketers. A user's personal information enables an online marketer to personalize and tailor advertising to a particular individual. Because studies indicate that such advertising receives a more positive response than random ads sent to the online user, companies have a financial incentive to collect users' personal information.(27)
To aggravate the situation, a majority of Web sites fail to provide notice to users about how their personal information will be used.(28) In 1998, the FTC conducted a thorough examination of over fourteen hundred Web sites.(29) The investigation disclosed that nine out of ten Web sites collected personal information,(30) while only a fraction of those Web sites provided the user with notice on how their personal information would be used.(31) More recently, a Georgetown study revealed that while the vast majority of Web sites collect personal information from consumers, about sixty-six percent of commercial Web sites posted a privacy policy.(32)
Despite marked concerns about privacy online, there is currently no legislation restricting the practice of collecting information from online users. In its 1998 report to Congress, the FTC stated that, as for adults, industry efforts looked promising and legislation was unnecessary.(33) However, in the same report, the FTC expressed concerns about children's privacy online.(34)
B. Children's Privacy Online
Studies reveal that the Web sites' practice of soliciting personal information from children is commonplace.(35) Unlike adults, the solicitation of personally identifiable information from children triggers special privacy concerns. There are several reasons to consider children more susceptible to this kind of invasion of privacy.(36) First, children are a group that socially and legally have always been given special protections because they are considered less capable of protecting themselves. Second, children "lack the cognitive ability to recognize and appreciate privacy concerns"(37) and are more trusting than adults. Third, children "may not understand the nature of the information being sought, nor its intended uses."(38) Finally, the mode of solicitation is often too appealing for a young child to resist.(39) In addition to these factors, the lack of supervision while online exacerbates a child's vulnerability to online violations of privacy.(40) A 1998 survey revealed that thirty-six percent of parents admitted that they never supervised their child's use of or access to the Internet.(41)
The availability of a child's personal information online has several implications. First, the information is valuable to marketers who wish to target an eager audience. As a result, the Web sites that collect this information are likely to store or sell the information to turn a profit. In addition to invading that child's privacy, a child or that child's parent is subsequently bombarded with advertisements after the information has been sold to a third-party marketer. Furthermore, it is not clear whether a Web site monitors to whom it provides the user's personal information. For example, in May 1996, a reporter, posing as Richard Allen Davis, a man convicted of kidnapping and murdering a twelve-year-old child, obtained a list of five thousand children living in various neighborhoods.(42)
Second, and equally alarming, are the dangers that arise when a child posts personal information on a bulletin board or provides information to gain access to a chat room. The unsuspecting child not only makes his or her personal information accessible to the public but also makes him or herself available for anyone to address online. An investigation conducted by the Federal Bureau of Investigation and Department of Justice concluded that the Internet is being utilized by predators of children.(43)
FEED