On Mar 17, 2016, at 8:27 AM, Scott Bradner <sob(_at_)sobco(_dot_)com> wrote:
the lawyers we consulted said that it was important to say what was said
setting up a web site designed for people under 13 is a major effort
(verifying ages of users etc)
this from the Wikipedia article (and we all know that means it is perfectly
correct :-) )
In December 2012, the Federal Trade Commission
<https://en.wikipedia.org/wiki/Federal_Trade_Commission> issued revisions
effective July 1, 2013, which create additional parental notice and consent
requirements, amended definitions and added other obligations, for
organizations that (1) operate a website or online service that is “directed to
children” under 13 and that collects “personal information” from users or (2)
knowingly collects personal information from persons under 13 through a website
or online service.[16]
<https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act#cite_note-auto-16>
After July 1, 2013, operators must:[17]
<https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act#cite_note-auto1-17>
Post a clear and comprehensive online privacy policy describing their
information practices for personal information collected online from persons
under age 13;
Make reasonable efforts (taking into account available technology) to provide
direct notice to parents of the operator’s practices with regard to the
collection, use, or disclosure of personal information from persons under 13,
including notice of any material change to such practices to which the parents
has previously consented;
Obtain verifiable parental consent, with limited exceptions, prior to any
collection, use, and/or disclosure of personal information from persons under
age 13;
Provide a reasonable means for a parent to review the personal information
collected from their child and to refuse to permit its further use or
maintenance;
Establish and maintain reasonable procedures to protect the confidentiality,
security, and integrity of the personal information collected from children
under age 13, including by taking reasonable steps to disclose/release such
personal information only to parties capable of maintaining its confidentiality
and security; and
Retain personal information collected online from a child for only as long as
is necessary to fulfill the purpose for which it was collected and delete the
information using reasonable measures to protect against its unauthorized
access or use.
Operators are prohibited from conditioning a child’s participation in an online
activity on the child providing more information than is reasonably necessary
to participate in that activity.[18]
<https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act#cite_note-18>