COPPA: Ignorance is Bliss for Websites

By: Abdurrahman Erkam Ilhan

February 8th, 2017

Internet has transferred our social life from the real world to a virtual environment by making us addicted to social media platforms. More importantly, this trend is not only limited to adults but also extends to children, whom are even more vulnerable to privacy threats of social platforms. Supporting this point, a recent research shows that, on average, children get their first smartphones at the age of 12 (see the link below). Therefore, a particular concern for the protection of children’s information on internet is essential.

 

The US adopted the Children’s Online Privacy Protection Act (COPPA) in 1998 and authorized the FTC to enforce the Act’s protections. COPPA brings important safeguards such as notice and parental consent requirements but only applies to websites that gather information from children under age 13. In order to avoid these requirements, many websites prohibit children under 13 to use their services. As a result, many children lie about their age when they sign up for a social media platform, and the enforcement mechanism becomes ineffective for them. Knowing this basic fact, internet platforms should cooperate and try to find a way for a better protection. However, it seems that they prefer to benefit from this fact, since they are not held accountable for their users’ fake ages.

 

According to a recent NY Times article, Musical.ly is one of the many applications that claim ignorance to avoid the COPPA. Unlike other applications that have mixed user portfolio, Musical.ly became popular particularly among the youth. Although this was not the initial goal of the company, it obviously benefits from this incident. According to the news article, many of these users are in grade school ages. Similar to other applications, Musical.ly also prohibits children under 13 to use its services. Nevertheless, it does not collect age information from its users, which allows children to use the application without even lying about their age.

 

While Musical.ly simply avoids the COPPA by not collecting age information and claiming ignorance, FTC enforces the COPPA against companies that does the very same thing but also collect age information. In the Xanga.com settlement, the company prohibited children under 13 to use their services (in their terms) but allowed them to create an account when they provided a birthdate indicating that they were under 13. The mere difference between Musical.ly and Xanga.com was that one collected age information while other did not in order to circumvent the laws. In reality, both companies knew for sure that they had users under 13 but having collected its users’ age information, Xanga.com’s practice is held more culpable under the COPPA mechanism.

 

As seen in this example, the current privacy protection mechanisms for children in the US might result with bizarre situations. In the current system, a company can easily circumvent the COPPA’s protections by not collecting its users’ birthdates and placing an extra provision in its terms that it does not allow children under 13 to use its services. Therefore, the COPPA’s protections are very limited in reality for websites that do not specifically address to children. One way to solve this problem is to hold websites accountable for deceitful accounts. It might be controversial to design such a responsibility but it would certainly incentivize websites to prevent children from creating deceitful accounts.

 

Link to the news article: https://www.nytimes.com/2016/09/17/business/media/a-social-network-frequented-by-children-tests-the-limits-of-online-regulation.html