WordPress.org

Ready to get started?Download WordPress

Forums

Not in compliance with COPPA (federal law) (47 posts)

  1. tmaster
    Member
    Posted 8 years ago #

    Please modify your software so that it is in compliance with COPPA rules. We are not allowed to collect email addresses of minors without written permission of the parent.

    Right now the software is violating federal law.

    The system needs to prescreen subscribers and those under 13 can not have persional information stored in the database. Its ok to mail them a password but we can not store any persional information about them, including the email address.

    http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

    I have modified my signup screens in my copy to send minors to another screen telling them they can not subscribe but this is only a work arround.
    We need a special minor subscription level built in the software that way minors can make post but we will not have any persional info on them..

  2. Jinsan
    Member
    Posted 8 years ago #

    Interesting. Never thought about that. Though could you just create a disclaimer page?

  3. Lorelle
    Member
    Posted 8 years ago #

    This has been around a very long time. You need to have massive warnings up. I believe (there may be more current info than this) that if you put up warnings, on the page, on the forum, and at the time of "click this to submit", you are covered and don't need to provide user levels to accomodate this, unless you are providing information for kids. Then it gets complicated.

    There are scripts and all kinds of things already out there that will handle this. Check the net and I bet you will find a bunch that you can easily add to your WordPress site. There are some gammers who hang out here, too, and hopefully they will spot this. If not, post again in a few days targetting them specifically with a title like: Need Sign Up for Under Age Only. A lot of people don't know what COPPA is.

  4. Jinsan
    Member
    Posted 8 years ago #

    what's the definition of details though? If an anonymous user visits your blog to comment, enters a username, email and web address is that still a violation?

    This is a US law as far as I am aware, correct?

  5. vkaryl
    Member
    Posted 8 years ago #

    Take a look at the pre-registration info used by phpBB (their software also includes a way to handle under-13 COPPA in the general board configs). My understanding for MY STATE ONLY (Utah) is that if you have a disclaimer specific to your personal site's policy for under-13s, you are covered (for instance, I simply don't "allow" registration by under-13s, spelled out in the disclaimers - yes, they can register and I'll never know until something comes up, but I'm covered by the disclaimer, according to someone I know in the State DA's office.)

    That's because I don't have sites relevant to kids, though. If you have gaming sites, or "kid fun" sites etc. you have to be REALLY careful....

    In the long run, it's not the software's problem, it's the site owner's problem (in the US only!) - you need to handle it, not expect WP to do so.

  6. Lorelle
    Member
    Posted 8 years ago #

    If it is found out later (or whenever) that the poster is underage, you are responsible and can be fined, closed down and stamped on.

    It is a US law but actually other countries in the world have even harsher laws on some of these things. If you have content that is considered "sensitive" to children (whatever the heck that means since I've heard children be more insensitive than adults ;-) ), you are obligated/required to find out what the laws are in your country, but you can get nailed by the country (and their laws) of the poster. Things are a changing and crossing borders on the Internet. It's a complicated and messy business.

    The point is, it is up to YOU to find out how the laws apply to your site. They can come after you with little thought to your rights. They work on the premis that ignorance is not only not an excuse but justification for them teaching you a lesson.

    Did you know that if you have a government run/sponsored/associated with website in England and you are not in compliance with their accessibility laws for equal access (mostly disabled but there are other things), your site can not only be closed down but you can be fined AND sued and possibly worse? They are expanding (last I heard) the law to cover all corporate websites over X size, whatever the X is.

    Ain't it swell to live in the age of litigation.

  7. vkaryl
    Member
    Posted 8 years ago #

    California does something similar regarding personal info for everyone. Thing is, no matter what you do, you may be liable at some point, or at least some high-priced attorney may attempt to prove liability. I do what I can to check out the legalities and liabilities, and don't live in fear over it.... but then, I have really good umbrella insurance coverage too....

  8. Jinsan
    Member
    Posted 8 years ago #

    Well screw the law, I have a disclaimer, it's a crazy US law (though I see the benefits of protection), and that should suffice. It's not so crazy in blighty and there's an 18+ sign so....good enough for me. Plus I dont' keep any details either.

    All you want to do is blog, and all you get is governance on what you can or cannot do. Even on the net. Joy.

  9. vkaryl
    Member
    Posted 8 years ago #

    Yeah. No such thing as freedom....

    "Freedom defined is freedom denied. (Illuminatus)"

    (Actually, you do keep details: they're in the database....)

  10. brainwidth
    Member
    Posted 8 years ago #

    Please note that COPPA does not necessarily apply to all sites allowing registration. From the page tmaster linked to above:

    If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, you must comply with the Children's Online Privacy Protection Act.

  11. Jinsan
    Member
    Posted 8 years ago #

    thanks for clearing that up braindwidth. if it's not one thing, it's another. one less thing to worry about:)

  12. Lorelle
    Member
    Posted 8 years ago #

    http://www.coppa.org/comply.htm
    http://www.baselinesoft.com/papers/Does%20COPPA%20Apply%20to%20Your%20Business.pdf
    http://www.lctjournal.washington.edu/Vol1/a004Bryant.html
    http://www.wrf.com/publication_newsletters.cfm?sp=newsletter&year=2001&ID=10&publication_id=10167&keyword=
    http://www.gesmer.com/publications/ecommerce/11.php
    http://www.baselinesoft.com/coppaoverview.htm

    How to provide such compliance:
    1) provide notice to the audience;

    2) obtain verifiable parental consent prior to any use or disclosure of personal information;

    3) provide reasonable access to parents of personal information collected; and

    4) implement reasonable measure to protect the confidentiality, security, and integrity of the personal information collected.

    http://www.baselinesoft.com/ispmemain.htm

    And that's just the tip of the iceberg.

  13. Mark (podz)
    Support Maven
    Posted 8 years ago #

    "Please modify your software so that it is in compliance with COPPA rules"

    And you are WHO exactly to preach ? Go away :)

  14. Lorelle
    Member
    Posted 8 years ago #

    Careful, Podz. I know the poster's note made it sound like it is an attack on WP. It isn't. It is a copy of what they got hit with. Bad presentation, important point, and they are looking for some help from us on how to deal with providing double/triple protection, scripts, plugins, or otherwise to deal with this issue. It is not an attack on WP. I thought so, too, until I really read it.

  15. vkaryl
    Member
    Posted 8 years ago #

    I don't know, Lorelle.... I've read it half a dozen times, and it looks to me like the way Podz read it, too....

    Regardless, it's not the part of the software to cover anyone's ass.

  16. Lorelle
    Member
    Posted 8 years ago #

    >>>We need a special minor subscription level built in the software that way minors can make post but we will not have any persional info on them..<<<

    I'd say that is a plea for help. I'll ask better for this poster.

    1. Are there any plugins or scripts that anyone knows about that will double/triple warn people registering that they better be over 18 and/or ask for parental consent?

    2. How are others handling this issue so we can all learn how to use WordPress comment and interactivity features to accomodate such rules and laws?

    3. If there aren't any simple plugins, how would someone go about adding such stuff to their WordPress site. Sure, a page on policy, a warning in the comments, but what about a window that pops up after posting a comment that asks "Are you sure you are legal to participate here?" kinda thing that requires an extra click before adding the comment to the list. Would that need to be added to the comment template file? How? That kind of thing.

    4. Is it already part of the WordPress User/Author/Comment features that says at X level information about the user isn't entered or saved? How do you turn that on or off.

  17. Mark (podz)
    Support Maven
    Posted 8 years ago #

    No.
    If I create a hardcore bestiality site with WP, then why should I be asking WP coders to provide the access scripts ?

    WP is a tool. It is not the whole toolbox is it ?

    I really do not see this as having the slightest thing to do with WP.

  18. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Oh - federal law ?
    I'm in the UK, and there is a LOT of non-US users too.

  19. Lorelle
    Member
    Posted 8 years ago #

    Whoa. The question is still a WP issue.

    Is there a user level setting or way of setting up WP so that commentors do not have to have any of their email or IP information saved to the site (cookies or whatever method it is done by)?

  20. Jinsan
    Member
    Posted 8 years ago #

    I think this whole thing is frankly a bit out there - what's being suggested is that WP - a tool to and end include within it some procedure to ensure that a law in a certain state is adhered to.

    This is not WP problem, this is the creators problem. There might be a plugin for this, but if you read what brainwidth actually quote it only applies to specific areas. To request that this be a part of WP is nuts, because (contrary to popular belief) there is a world outside of the US where these laws are not applicable. This is a matter of the USER making the correct adjustments to LOCALISE a WP installation.

    Should we have inbuilt procedurs to stop stop a muslim from visiting a site because it may contain material that will offend (no offence to anyone who might be a muslim). Or should we take into account federal laws for every country that WP might possibly installed in?

    Why is this a WordPress problem?

  21. Root
    Member
    Posted 8 years ago #

    And if you will excuse me I am not going put myself under the jurisdiction of US law. Or do anything to accomodate it.

  22. RustIndy
    Member
    Posted 8 years ago #

    Realistically, a software application *should* take into account all federal laws, regardless of origin. The only ones applicable are the ones that affect either the owner of the site or the location of the server (for example, I'm Canadian, but my main server is in Iowa, therefore I *should* have COPPA warnings on my sites, since their physical location is within US jurisdiction - but I can feel free to ignore China's anti-government censorships).

    An argument could be made by someone regarding your site's "primary audience" - so if most of your readers come from the US, you *should* have the COPPA warnings. It's safer that way.

    In the end, something like this should either be part of the WP core or distributed as a plugin *included* with WP.

    Most US laws regarding the internet are stupid and short-sighted, but this isn't one of them. It's worth doing.

  23. Jinsan
    Member
    Posted 8 years ago #

    RustIndy - forums have this sort of things because they take more info than a comment page: they require name, age, username, password, email, location, contact details blah blah.

    If someone wants to do this as a plugin then great, but I still cannot understand how anyone can make WP responsible for the content of other people's sites. It is utterly ludicrous.

    Do I sue Al Gore for signing the agreement that kickstarted the Internet and for exposing me to the possibly of material that may offend me or my family? Do I sue sites which may possibly contain material that will offend me even if I don't visit it? I can't sue MS for not warning me that the Internet is full of "bad sites" which use "Best Viewed in IE" standards.

    Stop making WP responsible for content - it's job is to display content, not to decide how people use it and what rules to follow. WP in no way breaks any federal law that I can see because it allows the USER to decide who can and cannot register. The onus is on the user.

    I don't think it's unreasonable to make this a plugin, and to make it available - but it should not be a core part of WP, nor should it be bundled, because it's a plugin for the US only, what good are those extra kb of crap for a law that only applies to one continent that apply to no one else?

  24. Mark (podz)
    Support Maven
    Posted 8 years ago #

    If this gets into the core, I'll dump WP.

  25. Ryan Boren
    WordPress Dev
    Posted 8 years ago #

    Yes, this is plugin territory. There are too many countries and too many laws. It's up to you to be compliant with COPPA, the EU Directive on Data Protection, US/EU Safe Harbor, or whatever laws may apply to you. If someone writing such a plugin needs an extra plugin hook in WP core to make the plugin possible, we could add that.

  26. DianeV
    Member
    Posted 8 years ago #

    I'll add that anyone who undertakes to write such a plugin is going to have to familiarize him/herself with laws in various countries, state which countries' laws are being complied with in the software, and be prepared for people relying on the software to cover their legal bases. Even if I could, I wouldn't write such a piece of software.

    This is almost akin to requiring Macromedia to have a plugin for updated world-wide privacy policies in its software.

    Somewhere along the line, website owners need to take responsibility for their websites regardless of who writes the software -- and I say that with all due respect. Requiring software geeks to cover legal bases is asking too much, in my view. (I don't ask my lawyer to write software, either. Ever.)

  27. Alan
    Member
    Posted 8 years ago #

    Simple fix -- don't allow anyone who is 13 or under to post a reply on your site. Just state in the comment section that those who comment must be over the age of 13. Problem solved. :)

  28. jwurster
    Member
    Posted 8 years ago #

    WP is a tool. The developers are not responsible for anything. It is up to the user of the tool to do what he or she thinks is right. There is enough functionality in WP for each user to add whatever he or she thinks is necessary.

    You can put a blurb in the Comments php and the Registration php that will say something catchy about having to be older than 13 or 16 or whatever age to post a comment or register.

    jim

  29. Lorelle
    Member
    Posted 8 years ago #

    Okay, folks. WAY WAY out of control. Yes, I understand that the poster started a fire, but can we please answer the technical question:

    Is there a user level setting or way of setting up WP so that commentors do not have to have any of their email or IP information saved to the site (cookies or whatever method it is done by)?

    The question is a technical one, not philosophical or political. It's up to the poster to warn and do other things on their site, but let's tackle the technical question. Is this possible? If not, then that's a different issue the poster will have to figure out.

  30. James
    Happiness Engineer
    Posted 8 years ago #

    Okay, folks. WAY WAY out of control.

    I'll have to agree with that one. IMO, a concerned US citizen and WordPress plugin developer should develop a plugin with this functionality so that concerned US citizens and WordPress users will have the option of installing and activating said plugin, end of story. No changes should be made to the WordPress core for this issue.

    Disclaimer: I am not a plugin developer.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags