Through their own analyses or the help of online advertising agencies, online businesses can track users’ buying, what they look at, how long they look at it, what the referring site was, what other sites were visited, the time of day they browse, and where they live, not to mention the detailed information the browser supplies voluntarily through registration and purchases. Indeed, the browsing public knows the threat of websites gathering their personal information. PriceWaterhouseCoopers found that nearly 77% of those surveyed said that the disclosure of personal details was a barrier to purchasing online. Another 48% stated they do not shop online because they do not trust web retailers. Twenty-seven percent of Internet users surveyed by CyberDialogue said they had abandoned an online purchase because of privacy concerns regarding the abuse of personal data. This apprehension and mistrust have not gone unnoticed by lawmakers. As a result, online businesses must now pay careful attention to an array of privacy laws.
The Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. 6501 et seq., enacted in 1998, applies only to web sites that target children under 12 years old as users or have actual knowledge that information is being collected from a child. COPPA requires that such a web site post privacy policies describing what personal information it collects and what it may do with such information. The law further requires that the online operator get prior “verifiable parental consent” before collecting, maintaining, or disclosing information about the child. The law also provides a “safe harbor” for those web sites that act in compliance with a self-regulatory program approved by the FTC. Any online business that may be marketing toward children must be aware of COPPA and its requirements.