Better Business Bureau said Friday that a Web site operated by book publisher Harper Collins did not comply with children's privacy rules.
The Ruby Redfort site, touting a book series that
features a 13-year-old girl detective, didn't have procedures in place to obtain verifiable parental consent before collecting names, street addresses and email addresses from children, the BBB's
Children's Advertising Review Unit said in its decision.
The federal Children's Online Privacy Protection Act prohibits Web site operators from knowingly collecting personal data about
children under 13 without first obtaining their parents' permission. (Harper Collins is based in the U.K., but must comply with the children's privacy law because it advertised its site in the U.S.
via the magazine Discovery Girls
, according to CARU.)
The site invited visitors to sign up in order to receive a Ruby Redfort bookmark, and to “win some neat prizes.”
Visitors who did so had to provide their usernames, email addresses, first and last names and full street addresses, according to CARU.
The site also asked visitors to check a box
indicating whether they were younger than 16, and if so, whether they had their parents' permission to sign up. But the site operators didn't take any steps to verify parental consent, according to
CARU reports that the publisher said it only used the data “internally” and never sent the information to outside companies for their commercial use. But CARU faulted
Harper Collins, noting that even if data about minors isn't shared, Web site operators are still required to obtain parental consent before collecting personal information about users under 13.
After the investigation, Harper Collins revised its data collection practices. “The Web site currently asks for age in a neutral manner and employs a session cookie to prevent children
from going back and changing their age to avoid parental permission requirements. The operator also agreed to add a method of parental consent that complies with COPPA requirements for all visitors
under the age of 13 from the U.S.,” CARU wrote in its decision.
Privacy advocate Jeff Chester, executive director of the Center for Digital Democracy, says that the incident
“reveals that major online companies are thumbing their nose at COPPA.”
Hudson Kingston, legal director for the Center for Digital Democracy, adds that the FTC should
investigate the publisher in order to make sure the company isn't still using the information it collected from minors.
Harper Collins did not respond to a request for comment by Online