June 13, 1997 12:35 PM PDT
Children at center of privacy debate
Children's advocates testified yesterday that popular Web sites such as Crayola, Hasbro's Action Man and Monopoly sites, and Nickelodeon all collect personal data from youngsters, ranging from names and addresses to their parents' annual salaries.
Tapping young people for such information raises red flags for youth advocates and law enforcement agencies concerned with children's information falling into the wrong hands. In addition, they worry that the data could be used to manipulate youngsters (and their parents) into buying certain products.
Most often, these demographics are gathered from minors without parental permission, though children frequently are encouraged to get approval.
Young people will give up truthful details in a heartbeat, according to Mary Ellen Fise, general counsel for the Consumer Federation of America. The organization, along with the Center for Media Education, submitted a report on the data-gathering practices and privacy policies for 38 commercial sites targeted at children.
"Kids love to have questions asked about them. They are very egocentric," Fise told CNET's NEWS.COM. "No site that we visited got verified parental consent for the collection of personally identifiable information."
According to the CFA/CME study, 90 percent of the sites collected contact data from children. In addition, 40 percent of them offered freebies in exchange for vital information.
Sites can use contact data to market features or products directly to young surfers. Most say they don't do this but admit they do use the information to better tailor their content for individual users to be competitive.
During the weeklong hearings, both privacy advocates and FTC commissioners have challenged the idea that companies need personally identifiable information from children or adults to continually improve on their products. The FTC's hearings on privacy issues wrap up today.
In some cases, sites use cartoons or mythical characters to extract statistics from children. For example, Colgate asks for names, email addresses, and ages to send them a note from the "Tooth Fairy" after they've lost a baby tooth. Colgate says it won't disclose any data it collects but adds that the information helps the company in developing and manufacturing products.
The CFA/CME teams want the FTC to suggest strict guidelines for children's sites, requiring full disclosure of what's being collected, how it will be used, and who will have access to the data.
The groups assert that cartoon characters should not be used to solicit data. They also say that unsolicited email should not be sent to children, prizes should not be exchanged for private data, and visitors should not be enticed to give up details about their families.
The online industry is already taking steps to comply in various degrees to those standards through a policy set up by the Better Business Bureau Children's Advertising Review Unit.
However, the CFA/CME guideline that companies are most likely to avoid calls for parental consent, in written or electronic form, before information is accepted from children.
"That would be very time-consuming," testified Arthur Sackler, vice president of law and public policy for Time Warner, at the FTC hearing.
Time Warner develops many sites for children, gathering information from children about things they like as well as suggestions for the sites. The company collects names and home and email addresses for contests or when youngsters submit opinions, but Sackler said the data is kept only for hours to weeks and is then destroyed.
Representatives from KidsCom, America Online, and Yahooligans also testified about their collection policies. The companies all contended they didn't sell data to third parties, posted explicit privacy policies, and that data wasn't used for one-to-one marketing at children.
"We don't give out lists of kids' names--we don't have them," said William Burrington, assistant general counsel to AOL. "We don't market [directly] to kids."
AOL, which has more than 8 million subscribers, said it has also created special kids-only areas and preferences that help parents opt out of data collection.
Software companies are also unveiling new versions of filtering software that they claim will better "protect" children from online data collectors, sexual or violent sites, and just about anything else parents want to block. Today, a prerelease version of Cyber Patrol will be demonstrated before the commission.
The new Cyber Patrol filtering software will support the World Wide Web Consortium's Platform for Privacy Preferences (P3) standards. The Internet Privacy Working Group is also working on the P3 standard, which lets Net surfers use a checklist to decide what kinds of information they want to disclose online. If a site's practices and a user's preferences differ, the user is notified and offered other access options.
Parents can use the P3 standard in Cyber Patrol to disable credit card transactions when their kids are online or block all sites that don't support the P3 standard. In addition, parents can also shield their children from data collection. Different standards can be set for each Net user in a family or household.
"We believe families using the Internet should be given a technological tool that helps them to make choices about the information being collected on their children and how it is used," Richard Gorgens, CEO of Microsystems Software, the makers of Cyber Patrol, said in a statement.
Still, the upgraded Cyber Patrol software may not be available to the public until the end of the year or later.
Some opponents of Net laws, such as those who are fighting the Communications Decency Act, deem filtering software as a better solution than government regulation. The CDA made it illegal to send indecent material to minors over the Net. It is now awaiting a Supreme Court ruling, which is due sometime this month.
Others argue that the software blocks out too much, particularly sites relating to gay, lesbian, and women's issues as well as human rights. It has also been called ineffective.
The Consumer Union, publisher of Consumer Reports, will release a report to the FTC stating that "popular blocking software intended to prevent children from divulging information online can be easily defeated and does not ensure privacy when accessing the Web or sending email."
Clever children can get around the blocks to disclose their private data, he found. For example, the software can be set up to keep kids from typing any personal data on the Net. But on Net Nanny and Cyber Patrol, youngsters can enter an "X" into their names or put a period between their first and last names to clearly display or ship their data online, as the programs only block exact names. Even with typos, it's easy to read and use the information, Fox demonstrated.
Cybersitter was harder to circumvent, but it was still possible, according to Fox. "The security could be better," he testified.
Cyber Patrol's director of marketing, Susan Getgood, responded before the FTC: "Nothing is going to prevent the determined child from going online and disobeying their parents. But Cyber Patrol can help those kids who inadvertently give up information."