It’s one of the drawbacks of being on Facebook: If you never make any adjustments to your privacy settings, you can assume everyone can see everything you post, or do, while using the giant social media network. Facebook, founded by Mark Zuckerberg in 2004 and now claiming an astonishing 800 million users seems ready to give in to pressure for more built-in privacy, as it negotiates with the Federal Trade Commission to settle claims that it violates users’ rights.
FTC Is Not Surprised That A Lot Of Children Are On Facebook
A timely discussion on children’s online privacy took place yesterday at the Family Online Safety Institute (FOSI) Conference. Panelists reacted to the FTC’s proposed COPPA revisions, as well as recent studies documenting that many children under 13 are on social networking sites with their parents’ consent.
Despite COPPA’s restrictions, “we know that there are lots of kids registering for social networks and other services with their parents’ assistance,” said FPF’s Jules Polonetsky.
“We need to figure out a path to legitimacy for these ‘undocumented immigrants’ [children under 13] so that they can have the benefits of social networking, but with needed age-appropriate protections,” added Polonetsky.
Mamie Kresses, Senior Attorney for the FTC’s Division of Advertising Practices, said she thought the findings from the research “miss the mark in some places” and that it is no surprise that there are a lot of kids on Facebook. Kresses added that parents want to be involved in their kids’ online activity and “that is what COPPA is about.” She emphasized that social networks have the option of providing notice and consent to allow children under 13 to participate under COPPA, while also recognizing that COPPA has costs associated with it.
Kresses reminded the crowd that comments to the FTC’s COPPA Revisions must be received by November 28, 2011. Learn more about the proposed revisions here.
Other panelists included Justin Weiss, International Privacy Director at Yahoo!, Brendon Lynch, Chief Privacy Officer at Microsoft, and Dona Fraser, Director of Online Privacy at Entertainment Software Rating Board.
–Lia Sheena
FPF Co-Chair to Moderate Complimentary Lunchtime Program on Cloud Computing Hosted by Microsoft
For those in Washington, DC, please consider attending this program on Tuesday, November 15th with government and industry leaders on cloud computing, hosted by Microsoft:
French DPA Issues Guidance for Cookie Disclosures: Specific Consents Required for Specific Cookie Functions
In 2009, a French ordinance was put in place pursuant to the EU e-Privacy Directive (2009/136/EC), requiring online businesses and other websites to obtain prior user consent for the placement of cookies on users’ computers. The prior consent issue has been a contentious one in Europe recently, with the Article 29 Working Party rejecting proposals from the IAB for streamlining the consent process. On November 2, the CNIL (the French DPA) published a Guidance which spells out what it means to obtain prior consent for cookies under French law. The CNIL observed that while web browser setting could be one way to obtain consent for the various uses of cookies, browsers have not yet evolved to provide sufficient granularity of choice. Therefore, the CNIL has said that consent must be specific – must refer to specific processing for a defined purpose.
Notably, the CNIL Guidance says:
“Cookies” include such flash cookies, other locally shared objects, and document object models and other web storage areas.
Cookies that have purely technical functions such as shopping basket cookies or local languages do not need specific consent.
A browser setting accepting all cookies without specifying their purpose is not valid prior consent.
Banners at the top of web pages may be used to obtain consent as well as consent forms superimposed on the site, or boxes that can be checked during sign-up to use a site.
Pop ups to obtain consent are discouraged since they often are blocked.
Changes to take-it-or-leave-it terms of use are not adequate for obtaining consent for each kind of cookie, since users might grudgingly accept the terms of use in order to use the site, but still object to certain cookie functions and not have a way of expressing the objection.
Site owners are responsible for third-party cookies including those from behavioral advertising entities.
If consent is given for a third-party advertiser’s cookie, there is no obligation for the advertiser to get consent if the user goes to a different site that displays the same advertising.
Cookies that keep track of users’ choices are permissible without consent.
Violation of the French law on cookie consent can result in a fine of €300,000 but apparently the CNIL is willing to give some websites time to implement the requirements of the law as interpreted by the Guidance.
Nov. 8, 2011 – Privacy Regulators Disagree on Approach to Regulations, Huffington Post
Data and privacy regulators from governments around the world met in Mexico City last week for the 33rd International Conference of Data Protection and Privacy Commissioners. As you might expect, they were joined by companies anxious to be part of the conversation, along with people from nonprofits that focus on privacy issues.
FPF Advisory Board Member Professor Danielle Citron Comments on Study Showing Parents Facilitating Facebook Use for Kids Under 13
FPF Advisory Board Member Danielle Citron, the Lois K. Macht Research Professor of Law at the University of Maryland School of Law comments in Concurring Opinionson a study released this week by Danah Boyd, Eszter Hargittai, Jason Schultz, and John Palfrey that Professor Citron says “sheds new light on COPPA’s failings” and underscores the need for universal privacy protections for all users rather than age or demographic-based protections. She explains:
“Given the current regulatory attention to COPPA, the study could not be more timely or more important. The authors surveyed a national sample of 1,007 parents and guardians who have children ages 10-14 living with them. They found that although many sites restrict access to children, many parents knowingly allow their children to lie about their age–indeed, they often help them do so– to gain access to age-restricted sties in violation of the sites’ ToS. This is true for some of the most popular social media sites and services, such as Facebook, Gmail, and Skype.”
Professor Citron then asks “What does all of this tell us?” She believes that “[r]ather than providing parents and children with greater options for controlling the use of youth’s personal information, COPPA has actually encouraged the adoption of formal limits on children’s access to online services. Those limits are rather meaningless, though.”
Nov. 5, 2011 – Magid: Regulators disagree about approach to online-privacy rules, Mercury News
Data and privacy regulators from governments around the world met in Mexico City last week for the 33rd International Conference of Data Protection and Privacy Commissioners. As you might expect, they were joined by companies anxious to be part of the conversation, along with people from nonprofits that focus on privacy issues.
Nov. 2, 2011 – New Google ‘Transparency’ Feature Aims to Reduce Ad-Targeting Creepiness, Wired News
Data and privacy regulators from governments around the world met in Mexico City last week for the 33rd International Conference of Data Protection and Privacy Commissioners. As you might expect, they were joined by companies anxious to be part of the conversation, along with people from nonprofits that focus on privacy issues.
Google To De-Mystify Ad-Targeting
Wired quoted FPF’s Jules Polonetsky today in an article on Google’s new program called “Why These Ads.” Google announced the new feature to help consumers understand why they receive certain ads. To see the full article and read Jules’ quotes, please click here.
New Study Reveals Unintended Consequences of COPPA
In an effort to comply with the Children’s Online Privacy Protection Act (COPPA), an act that requires parental consent for the online collection of information about children under 13, most social networking sites simply ban children under 13 from using their service. A peer-reviewed study released today, “Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the ‘Children’s Online Privacy Protection Act‘” revealed that “many parents knowingly allow their children to lie about their age — in fact, often help them to do so — in order to gain access to age–restricted sites in violation of those sites’ ToS [Terms of Service].” Read more about the study here.
. Facebook, founded by Mark Zuckerberg in 2004 and now claiming an astonishing 800 million users seems ready to give in to pressure for more built-in privacy, as it negotiates with the Federal Trade Commission to settle claims that it violates users’ rights.