Re: [IAB] Proposed IETF Privacy Policy for Review

["John Levine" <johnl@taugh.com>]

In article <214DF639-87DC-46D7-9731-F51027EBA97E@nohats.ca> you write:
>My only issue is that it claims our websites are not for use by children under 13. They most certainly are.

No, it says they are not *intended* for children under 13.  Words
matter, particularly in legal documents, and it's important to read them
carefully enough to understand what they mean.

Having written a chapter on COPPA for a legal encyclopedia, I can
report that the law is actually pretty reasonable, as is the section
of our proposed privacy policy.  Intended means what it sounds like,
there's nothing on our web sites aimed at kids, with typical examples
being cartoons and games.

It specifically does not mean that children are forbidden to use our
sites, nor does it mean that we have to take any measures to keep
children out.  (For sites that really are intended for children,
there's a comprehensive set of rules with compliance generally
outsourced to a handful of specialist companies in the marketing and
entertainment industries.)

COPPA discourages collection of PII from children without their
parents' consent, so insofar as we are able, we should avoid doing so.
If it became apparent that a participant on an IETF list (or,
hypothetically an I-D author) were under 13 it would be a good idea to
suspend the child's subscription and tell her to have her parent write
to the list owners, so we could explain what the IETF is, how the
mailing lists work, and ask whether the parent is OK with her
participation.  It would also be a good idea since a 12 year old child
cannot meaningfully agree to the Note Well.

For more info on COPPA, Google is your pal.  You're in Canada, and I
have no idea whether the IETF's contacts with Canada are sufficent
that PIPEDA would apply, although I would guess that our practices
would be fine under PIPEDA.  If anyone cares I have contacts at the
OPC I could ask.

R's,
John