Protection of Underage Internet Users Impact E-commerce

New Jersey Law Journal      Volume 199, No. 3, Index 141       January 18, 2010



Jonathan Bick  Bick is of counsel to Brach Eichler of Roseland and is an adjunct professor of Internet law at Pace Law School and Rutgers Law School. He is also the author of 101 Things You Need To Know About Internet Law [Random House 2000].

Controversial Internet content increases the desirability to limit minors' access to potentially harmful media material. Such efforts result in both technological restrains, such as Internet content filters, and statutory limitations of Internet content. For the most part, courts do not allow either technological or statutory limitations on speech but allow such limitations on electronic commerce.

Both technological and legal options exist to keep underage Internet users from accessing potentially harmful content and engaging in prohibited Internet activities. Numerous software programs are available which identify and limit access to Internet content and transactions. The focus of this software is to prevent children from accessing online pornography, filter offensive language and allow parental control as well as to prevent minors from buying liquor, drugs and cigarettes from Internet sources.

Both Yahoo and Google have custom software tools to filter and limit what children can access online. For example, users of Google-owned video-sharing Web site YouTube can ‘flag‘ content deemed objectionable. Flagged material is reviewed and explicit adult-oriented videos removed from YouTube, by Google.

Internet liquor, drug and cigarette sellers employ Internet software which attempts to verify the age of the potential Internet buyer prior to allowing the transaction to proceed. Such software use both direct information solicitation, such as the date of his or her birth and indirect information solicitation, such as verifying the potential Internet buyer's input with public databases. Additionally, companies also ask for information normally found in the possession of adults, such as credit card data and driver license information.

While both Congress and federal agencies have successfully limited e-commerce to protect minors, its efforts to implement limitations on e-speech have generally been reversed by court action. For example, the availability of Internet pornography motivated the Congress to made abundant attempts to shield children from parts of the Internet.

The Communications Decency Act, 47 U.S.C. Section 223 (1994), prohibited the transmission of Internet material over the Internet to anyone under the age of 18. This prohibition was found unconstitutional in Reno v. ACLU, 521 U.S. 874. Subsequently, the Child Online Protection Act, 47 U.S.C. Section 231 (2000), required adult Internet site operators to make it impossible for children to gain access to their material. The court made this law unenforceable in Ashcroft v. ACLU, 535 U.S. 564 (2002).

Additionally, The Child Pornography and Prevention Act, 18 U.S.C. Section 2256 (2000), expanded the federal prohibition on child pornography to include computer-generated images of minors engaging in sexually explicit conduct. This legislation was reversed by Ashcroft v. Free Speech Coalition, 535 U.S. 234 (2002).

Congress then changed tactics. In particular instead of attempting to prohibit Internet speech, it tried to filter it. This change in tactics achieved a modicum of success in the Internet speech limitation arena. The Children's Internet Protection Act, 47 U.S.C. Section 254 (2000) (CIPA), was enacted to protect children from being subjected to Internet pornography at the nation's public libraries.

CIPA requires public libraries receiving federal assistance for Internet access to implement a software filtering system that blocks pornographic material from appearing on any public computer terminal in the library. CIPA was unsuccessfully challenged in United States v. American Library Association, 539 U.S. 194 (2003). As a result of this ruling, filtering is now actively used in public libraries across the nation.

While legislation limiting access to speech-related Internet content has been narrow, legislation protecting children from economic abuse is broad. The Children's Online Privacy Protection Act (COPPA) provides the bastion of this protection.

COPPA requires that commercial Web sites obtain verifiable parental consent before collecting personal information from a child under the age of 13. A failure to obtain such consent is an unfair and deceptive trade practice.

COPPA applies to all commercial Web sites and online services directed to children under 13 that collects personal information from children. Note that if a commercial site is directed to a general audience and the site owner or operator has actual knowledge that personal information from children is being collected, that site must comply with COPPA.

To determine whether an Internet site is directed to children, the Federal Trade Commission considers several factors: the subject matter; visual or audio content; the age of models on the site; language; whether advertising on the Web site is directed to children; information regarding the age of the actual or intended audience; and whether a site uses animated characters or other child-oriented features.

To determine whether an entity is an ‘operator‘ with respect to information collected at a site, the FTC will consider who owns and controls the information; who pays for the collection and maintenance of the information; what the pre-existing contractual relationships are in connection with the information; and what role the Web site plays in collecting or maintaining the information.

COPPA applies to individually identifiable information about a child that is collected via the Internet. Such information includes: name, postal address, e-mail address, telephone number or any other information that would allow someone to identify or contact the child. The act also cover other types of information: hobbies, interests and information collected through cookies or other types of tracking mechanisms when they are tied to individually identifiable information.

Compliance with COPPA requires that an operator must post a link to a notice of its information practices on the site's home page and at each area where it collects personal information from children. An operator of a general audience site with a separate children's area must post a link to its notice on the home page of the children's area. Additionally, the hyperlink to the privacy notice must be clear and prominent.

At a minimum, the notice must contain: the name and contact information (address, telephone number and email address) of all operators collecting or maintaining children's personal information from the Internet site; the kinds of personal information collected from children (for example, name, address, e-mail address, hobbies, etc.) and how the information is collected directly from the child or passively, say, through cookies; and how the operator uses the personal information.

It should be noted that an e-commerce site that deals with children must give the parent or guardian the option to agree to the collection and use of the child's information without consenting to the disclosure of the information to third parties. The parent or guardian also has the right to review the child's personal information, ask to have it deleted and refuse to allow any further collection or use of the child's information.

Before collecting child-related data via Internet sites, site operators must make reasonable efforts (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent of the child receives notice of the operator's information practices and consents to those practices.

Such reliable methods of consent include: getting a signed form from the parent via postal mail or facsimile; accepting and verifying a credit card number in connection with a transaction; taking calls from parents, through a toll-free telephone number staffed by trained personnel; and e-mail accompanied by digital signature.

COPPA includes several exceptions that allow operators to collect a child's e-mail address without getting the parent's consent in advance. These exceptions cover many popular online activities for kids, including contests, online newsletters, homework help and electronic postcards.

Prior parental consent is not required when: an operator collects a child's or parent's e-mail address to provide notice and seek consent; an operator collects an e-mail address to respond to a one-time request from a child and then deletes it; an operator collects an e-mail address to respond more than once to a specific request (i.e. a subscription to a newsletter). In that case, the operator must notify the parent that it is communicating regularly with the child and give the parent the opportunity to stop the communication before sending or delivering a second communication to a child. Finally, when an operator collects a child's name or online contact information to protect the safety of a child who is participating on the site.