| Comment Number: | 516296-00011 |
| Received: | 6/27/2005 11:56:57 AM |
| Organization: | Connecticut Rivers Council |
| Commenter: | Peter Reguin |
| State: | CT |
| Agency: | Federal Trade Commission |
| Rule: | Children's Online Privacy Protection Act Rule Review |
| Docket ID: | 3084-AB00 |
| No Attachments |
Comments:
The Commission has asked for comment as to weather or not the Children’s Online Privacy Protection Rule should be retained, eliminated or modified. The title of the rule is in itself misleading in that it appears to protect the privacy of chilrens information on line. In the definition of “Collects”, the Rule defines this as “the direct or passive gathering of any personal information from a child by any means”. I other words it is perfectly permissible for a parent to disclose personal information about a child to a teacher and the teacher can transmit this information to an operator because this is not considered a violation. The same should hold true if a parent gave personal information to a scoutmaster and the scoutmaster elected to transmit this information via the internet, the COPPA rules do not apply because the information was not gathered “from a child”. This rule should be rewritten with a specific intent toward not disclosing information about a child on line regardless of where the source is from. The present rule fails to consider newer technologies that permit the transmission of secure data using the HTTPS method of transmission. This method allows 128-bit encryption and is considered safe by the US Government. The example to use is that in commerce today, it is common for a youth to register for an event on line. They must disclose their personal information in order to register. This information is not shared by the operator and is only used for internal purposes. It is impossible to know if a child or an adult is inputting the information. This type of transmission should be encouraged as a secure transaction in the normal course of business. “343 Section 312.3. The rule does not apply to nonprofit entities. Section 312,2 definition of operator”). This makes entirely no sense. Most of the largest nonprofit organizations in the United States today are youth organizations like Boy Scouts of America. Is the intent of the rule to permit nonprofit organizations to disclose whatever information they wish about the youth in their charge? There are many nonprofit organizations that operate sites for commercial purposes. Are they exempt from this rule? The point of this discussion is that if we are talking about the disclosure of personal information about children under age 13, then why should the terminology of nonprofit or commercial purposes enter into the text of the rule at all. Children come from all backgrounds, profit, and nonprofit, commercial and noncommercial backgrounds. The disclosure of their personal information is what should be critical and not the entities the children align with. Summary: Children do not release personal information about themselves on a public web site, adults do. The child has no mechanisms for distributing their personal information unless an adult makes a facility available to them. The COPPA rule should be redirected toward the publishing of personal information about children on a web site.