Not in compliance with COPPA (federal law)
-
Please modify your software so that it is in compliance with COPPA rules. We are not allowed to collect email addresses of minors without written permission of the parent.
Right now the software is violating federal law.
The system needs to prescreen subscribers and those under 13 cannot have personal information stored in the database. It’s OK to mail them a password but we cannot store any personal information about them, including the email address.
https://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm
I have modified my signup screens in my copy to send minors to another screen telling them they cannot subscribe but this is only a workaround.
We need a special minor subscription level built in the software that way minors can make posts but we will not have any personal info on them.
-
The back side on phpBB fora is handled through the config page: a place to enter a fax number for faxed parental approvals, at which point the under-13 is emailed hisser password. It’s a nightmare of filing, record-keeping, etc. which is why many people (myself included) simply state “no one under x-age allowed to register or participate”. My sites default to age 18 – legal voting age, if not drinking age, in the US – and the age of majority in most states.
As I said earlier, a friend in this state’s DA’s office informed me that if a minor lied about hisser age to gain access and hisser parents later caused a fuss, I was covered by the disclaimers. I’m not an attorney either, and a nebulous “oh it’s okay if….” from a friend of mine as regards the state in which I live isn’t enough for others to go on of course.
Talk to your attorney if you may be in a position of liability after you study the Act in question.
Lorelle, I think it’s been mentioned, even by Ryan, that this is a plugin issue – it can be done, but the scope and work it will take to do this job is rather large, considering each state. If it’s a US thing, then get a US citizen to do the job. I agree with Podz’s comment in this regard, we don’t need to localise the tool for an American audience, that can be done through plugins.
What’s being asked is no small mean feat, you can get a few US WP users together, do some research on this with the OP and put something together, but something like this should NEVER be in the core. To do so would be WP taking responsibility for the content that users decide to use. Not WP’s job.
WP is for everyone, not one state.
RE: the technical issue. It’s a nonissue. Neither IP addresses nor cookies are COPPA issues. From the webpage in the original post this is the information that is of concern –
The Children’s Online Privacy Protection Act and Rule apply to individually identifiable information about a child that is collected online, such as full name, home address, email address, telephone number or any other information that would allow someone to identify or contact the child.
Aside from that, since tmaster didn’t provide a link, I’m not sure what his particular issue is, but for most of us before we worry about WordPress, it might be more useful to ask why we need any personal information from a child under 13. I’d say that if tmaster’s site is generating negative user comment, he’s doing more than collecting IP addresses in his server logs or serving cookies and he’s probably doing more than just having the standard comment form require an email address.
In the case of COPPA compliance, requiring an email address for the comment form is enough of a reason to either have the form available or completely disallow people under 13 (or 16, or 18, or 21, or whatever) from commenting.
And yes, simply adding the line “Persons under the age of XX are not allowed to leave comments on this page” is enough – it’s called “reasonable effort” and is usually enough to get your ass out of the sling if needed.
No, WP should not be core-localized to any specific location, but for things like COPPA, there should be a mechanism (either a core routine you can enable/disable, or an *included* plugin) to provide the necessary stuff. If this will be a plugin solution, the plugin(s) should be included with WP so people don’t need to put extra effort into their compliance.
Just my $0.02, IANAL, and YMMV.
I say that what we do is we go copy what Blogger, MT, Serendipity, Pivot, Expression Engine and all the other blogging softwares have done.
Oh … they haven’t? Okaaaayy… And what I originally meant was that if this sort of junk was put into the core, then for me – a NON-US citizen of planet Earth – it would be bloat bloat bloat.
Let’s say it DID get into the core – can Matt afford the legal actions against WP that some damn fool would try ? Can he hell.
This is plugin stuff – a single hook is fine. More code than that would be bloat.
That’s pretty much why I don’t think it should even be included in the overall package – extra KB for non-us users. A plugin of this sensitivity and specific requirement should be outside the, dare say it, “loop” of the normal package and made available from the repository.
The legal ramifications that this would imply upon WP if it were included as the package (not even as a core) would be almost equally, if not more so, sensitive if it was included as the core. It’s a green flag to say WP takes responsibility for user. Let’s not go down this road.
requiring an email address for the comment form is enough of a reason to either have the form available or completely disallow people under 13
Are you positive about this? This law is more barmy than I first thought
The COPPA requirement lists an email address as personally identifying information, so if that email address belongs to someone under 13 (in the US, this would be), they (and it) fall under COPPA’s jurisdiction (so to speak).
If you want to bypass COPPA, then just put that little 1 line disclaimer on the comment form.
On the other topic here, what legal ramifications if it’s included with WP? If some asshat uses WP to spread his jewish-conspiracy/nazi-propaganda/pick-your-racism message, is Matt going to be sued for providing him the tools? If your car breaks down and causes you an injury, do you sue the company that made the wrench that the robot used to tighten the bolt that came loose? No, you sue the asshat. Or you sue the vehicle company. I don’t see how Matt could be held responsible for anything that anyone does with WP. Your logic (including COPPA would infer acceptance of responsibility by the tool-maker) could also mean that including a disclaimer of any kind opens the tool-maker to legal problems relating to everything they’re disclaiming responsibility for.
In other words, it’s a moot point. Content is ALWAYS (well, nearly) the responsibility of the content owner/writer, and WP (and Matt, by extension) cannot be held responsible for that unless he explicitly states that he will accept that responsibility. Including a COPPA agreement (or whatever) does not infer that acceptance.
So I stand (slightly modified to remove potential core bloat). WP *should* include any forms necessary to legally qualify for “reasonable effort” in the content owner’s legal region. This should be in a plugin form (a single plugin, say, with the different forms in 1 or more text files or database records), and allow the content owner to select exactly which (if any) of the forms need to be displayed.
WP is a tool, and every tool more complex than a hammer comes with safety instructions for the user’s protection. Why not WP? Like any other tool, include the standard disclaimer (“WP and its developers are not responsible for anything that happens because of your WP site” or some such) and provide safety instructions (in this case, privacy/child-protection guidance – not legal advice, though).
As I said then, let’s copy what all the other blog engines are using – including Blogger. After all, Google would be ever so careful about privacy issues wouldn’t it ??
For UK users, I just happened across the Dept Of Health’s Privacy Policy:
https://www.dh.gov.uk/DHPrivacyPolicy/fs/en?CONTENT_ID=4110944&chk=61mJB6
I’d like to echo that this is a non issue for MOST of those using WP. From the first few lines of the link provided:
Who Must Comply
If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, you must comply with the Children’s Online Privacy Protection Act.
So my cooking site and my personal/politico blogs are neither directed at children, nor would I know the age of someone who comments at my site. I suppose if a commenter says, “I’m 12 and…”, then I would be obligated to delete the info, otherwise, I don’t care to know anyone’s age.
Now if you are running a blog about PSP or something that a 12-year-old would use, then yes, this law would be something to be concerned with, and you should have been familiar with the law BEFORE starting the site, and choosing an interface that helped you stay in accordance with the law.
</soapbox>
Just to mention it: in Germany – and next time most of EU – you have to make sure that someone really owns an email address before you save it.
So if you want to stay in accordance with German laws, you have to send out verification mails at registration and also for notification-plugins.
Yep, there are different laws for different locations, which is why I thought it would be too much to try to build a solution into WP, let alone one that people in different locations could depend upon as an absolute solution.
Okay, without the philosophizing:
1. There is no way in the “out of the box” WordPress installation to uncheck a box that says “do not save IP and email addresses in comments”.
2. There is no feature, out of the box, that WordPress has that lets anyone comment without submitting their email address. Like “not requiring people to register when commenting” meaning they can post freely without registering and they don’t have to put in an email or website address and the comment will still go through.
3. There currently is no plugin or PHP code available for WordPress that will:
—> A. Stop IP and email addresses from being saved.
—> B. Pop up a window that says “Click this to verify your claim that you are over 18 before your comment will be submitted to our site.”
—> C. A window view returned upon clicking submit or the second “Are you sure you are over 18” that restates “By submitting a comment here, you are agreeing to the fact that you are over 18.” Similar to “your comment will now be held for moderation”.
Now, I have another idea. If a site is using some authimage security thing on comments, could they add text that says, “By entering the above code to verify you aren’t a spammer or bot, you are also agreeing to hold this site harmless from your petty crap and stating that you are over 18”?
It seems to me this can be handled by explicit instructions in the Codex on how anyone who has a site aimed at children could “build in” the screening needed if their site is aimed at kids. That way it wouldn’t be in the “core” and yet would allow site owners to add whatever kid-friendly functionality they need to add, maybe in the form of one simple file with a php call for it on the comment post page or as a plugin.
Podz point is taken that we don’t need to be US-centric, and this doesn’t need to be part of the core package, however, in the interest of adding this functionality for those who desperately need it due to their local laws (and couldn’t it be altered to fit ANY set of local laws???) it should be made available as an OPTION for those who need it.
Just a reminder of what the original poster, tmaster, asked for:
“We need a special minor subscription level built in the software that way minors can make post but we will not have any personal info on them..”
Unfortunately I’m not geek enough to build this. I’m sure one of you very talented plugin developers or core developers can come up with something . . .
Okay, someone finally reminded me that there is a built in way to do this, and I hope the original poster has not been run off by all of the rest of the non-technical help.
***********HELP IS HERE ************
In the ADMIN > OPTIONS > DISCUSSION there is a checkbox next to:
___ Comment author must fill out name and e-mail
If that is not checked, anyone can post and the email does not have to be included.
You can then go into the comment form template file and remove the call for the email address or add a note that this is optional, along with the proper other warnings.
The IP of the commenter is saved because, I’ve been told, your site statistics already records every visitor’s IP and that information is not posted on your site for public use. It’s just a part of how it all works, so it doesn’t matter, as long as you do not use it publicly.
If you would like to run chats that clearly include children, there are a number of PHP ones that could easily run off a static or WordPress Page that have built in features to accommodate the COPPA act. Here is one that works and if you search for “PHP scripts comments children COPPA” you should find plenty more. Integrating these into WordPress is a different issue and there are plenty of discussions about this on this forum.
****************
To the original poster of this question. I would like to apologize for the rest of the forum’s “jump” onto your question and not understanding that you needed help with this and not analysis of whether or not compliance with a federal law was a good thing or not. Whether they know it or not, compliance with web standards and international laws is the responsibility of a website owner, no matter what software they are using. Still, that is not the purpose of this forum.
What is the purpose of this forum is: help. Unfortunately, the beginning of your post didn’t hold a disclaimer that this was a request for help and not an accusation. We are all at fault, but I hope this helps answer your question.