FTC Fines Xanga for Violating Kids' Privacy

WebHostingGuy writes "As reported by MSNBC, the FTC has fined Xanga.com $1 million dollars for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent. This is the largest penalty ever issued for violations of the Children's Online Privacy Protection Act." From the article: "'Protecting kids' privacy online is a top priority for America's parents, and for the FTC,' FTC Chairman Deborah Platt Majoras said in a statement. 'COPPA requires all commercial Web sites, including operators of social networking sites like Xanga, to give parents notice and obtain their consent before collecting personal information from kids they know are under 13. A million-dollar penalty should make that obligation crystal clear.'" What impact, if any, do you think this will have on other community sites that may not always follow the COPPA statutes?

I don't really see the problem here

[pcgamez]

From the article, the following happened:

People were first presented with a question asking if they were over 13. If the users clicked yes, they proceeded to the registration page. The registration page included fields for birthdays. People who had lied on the first part could then enter their age. The form did not automatically reject users whose birthdates were not at least 13 years prior. In this case it looks like (IANAL) Xanda DID comply with the law. The FTC seems to be punishing them for making it "too easy" to get around it. This is where I have a problem. Where does it end? The FTC could just as easily say requiring a CC (to verify age) is too easy because they could borrow someone else's. There doesn't seem to be a hard line for where reasonable precautions start and end.

"According to the Federal Trade Commission, children who wanted to open a Xanga account didn't even have to show that level of ingenuity. Children merely had to check a box confirming they were over 13, according to FTC lawyer Mary Engle -- even if they'd previously entered a birth date indicating they were under 13. "

Sure, not kids can just as easily lie like they do on myspace and put a different birth year.

Re:what does this accomplish

[westlake]

A 15 year old would not have a drivers license, a credit card, or any other indentification.

Pre-teens have been using plastic for quite some time now. Girls Say Hello Kitty To Hello Debit Card (2004)

Re:what does this accomplish

[AusIV]

First, Xanga does have users enter a birthday when signing up, and if the birthdate shows a person is not 13, they cannot sign up.

The rest is not quite true either. If parents become aware of their kid's xanga, there is a process for having the site shut down. Xanga is huge. It would be incredibly difficult (if even possible) for Xanga to monitor all sites. However I believe they have a process for reporting underage users, and look into reports.

Re:what does this accomplish

[uw_badgers]

First, Xanga does have users enter a birthday when signing up, and if the birthdate shows a person is not 13, they cannot sign up.

Now they do, but apparently there was a period of time where they didn't check the birthdate, and 1.7 million children under 13 signed up. From the MSNBC article:

"Children merely had to check a box confirming they were over 13, according to FTC lawyer Mary Engle -- even if they'd previously entered a birth date indicating they were under 13."

the impossibility of verifying age

[JimBobJoe]

I don't know how a 15 year old would go about this online.

A Time magazine article from a month or two ago indicated that the state attorney general's were having panicked meetings regarding this issue (including the famous quote from the Connecticut AG along the lines of "if we can put a man on the moon, we can verify age online.")

For a time they actually considered requiring sites like Myspace to collect SSNs...and according to the article, they rejected the idea once they realized that most of the world does not have an SSN, but does use the internets.

If that doesn't give you an idea of the caliber of people we're dealing with, I dunno what would. Requiring teens to submit their SSNs to use these types of sites would be a disaster along biblical proportions--imagine how easy phishing would be--all you'd need to do is send out an email that claims it's from Xanga needing your SSN.

Re:what does this accomplish

[Cramer]

You obviously haven't thought about this for very long... If I give my PESEL to a web site to verify who I am, then THEY would also know my number. For example, my name is "foo" and my number is "42". I know my number and the state, who assigned that number in the first place, knows that number. If I give my name as "foo" to Xanga and they ask for my PESEL, then they will also know my number once I've been confirmed. Xanga won't immediately know "foo" is "42" until some state agency, ultimately, confirms it. But, the instant my identity is confirmed, Xanga will also know my PESEL. At such time, the PESEL becomes useless for identification because someone else (lots of someone else's actually) can now pass the same identity check as if they were me. (It's called 'identity theft'.)

Re:what does this accomplish

[thej1nx]

So Xanga is a website that imediately steals your identity? Why you wanted to use it in the first place?

because your logically flawed question missed one thing.

He doesn't minds using it, if they don't have access to his identity in the first place. Same reason you would use hundreds of sites like say slashdot, without caring whether or not they are capable of stealing your SSN.

Because they don't have access to your SSN in the first place.