[Foundation-l] COPPA

George Herbert george.herbert at gmail.com
Fri Sep 8 18:41:18 UTC 2006


On 9/8/06, Ray Saintonge <saintonge at telus.net> wrote:
>
> geni wrote:
>
> >On 9/8/06, Ray Saintonge <saintonge at telus.net> wrote:
> >
> >
> >>Did I miss something?  What personal information are we collecting from
> >>children?
> >>
> >>Ec
> >>
> >>
> >the content of userpages.
> >
> A new user page is blank.  It has no questions asking for personal
> information, or, for that matter, questions of any sort.
>
> Ec
>
> _______________________________________________
> foundation-l mailing list
> foundation-l at wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/foundation-l
>


From:
http://www.ftc.gov/privacy/coppafaqs.htm
-----

*38. I operate a general audience site and don't ask visitors to reveal
their ages. However, I do have a number of chat rooms. *

*(a) What happens if a child visits my site and posts personal information
in a chat room but doesn't reveal his age?*

The Rule is not triggered. It applies to general audience websites if they
have *actual knowledge* that a particular visitor is a child. If such a site
knows that a particular visitor is a child, then the Rule must be followed
with respect to that child. If a child posts personal information on a
general audience site, but doesn't reveal his or her age and you have no
other information that would lead you to know that the visitor is a child,
then you would not have "actual knowledge" under the Rule and would not be
subject to its requirements. Collecting a child's age, however, does provide
"actual knowledge."

*(b) What happens if a child visits my chat room and announces his or her
age?*

If your site has a chat room and no one in your organization sees or is
alerted to the post, then you do not have the requisite actual knowledge
under the Rule. You may be considered to have actual knowledge with respect
to that child: (1) if someone from your operations sees the post in a chat
room; or (2) if someone alerts you to the post. At that point, you should
delete any personal information that has been posted and either ask the
child for a parent's email address for purposes of providing notice and
obtaining consent to future postings, or take reasonable steps to block that
child from returning to the chat area of the site, whether through screen
name blocking, a cookie, or some other means.

If you have monitored chat rooms where the monitors can delete information
from posts *before* they are made public, then your monitors can simply
strip the child's posts of any personal information before they are publicly
posted, thus permitting children to participate in the chat room without the
need for obtaining parental consent. This practice is easily applied to
"auditorium" style chat in which children pose questions which are screened
to a moderator or guest celebrity.
-----

It would appear on first glance that though Wikipedia is probably exempt due
to being a nonprofit, but that if we were a for-profit then a child posting
their own info in a user page (or anywhere else) would fall under the
Question 38 examples above.

Though this is undoubtedly a foundation business/legal decision, it would
make sense to me that Wikipedia might want to follow that recommended
general purpose website guideline above, even if it doesn't apply as a legal
requirement because WP is nonprofit.  It would seem to be a good general
policy.

The FAQ also recommends that general (non child-oriented) and nonprofit
sites have privacy policies, even if we aren't required to.  That sounds
good to me.


-- 
-george william herbert
george.herbert at gmail.com



More information about the foundation-l mailing list