Establishing Digital Trust: Don't Sacrifice Security for Convenience
is once again feeling the lash of the privacy whip as 11 groups Tuesday asked the Federal Trade Commission to look into the Seattle-based e-commerce giant because they say the firm lets children post personal information on its Web site, a violation of a federal law.
This claim, spearheaded by the Electronic Privacy Information Center, argues that Amazon is violating the Children's Online Privacy Protection Act (COPPA) because it lets children 12 years old and younger post reviews of toy products without parental consent.
COPPA was formed in 1998 to protect children's identities on the Web.
The central complaint is that Amazon.com, which sells products from Toysrus.com, Babiesrus.com, and Imaginarium.com, allowed several reviews that contained personal information posted by children to go live. EPIC's argument is that Amazon.com does not effectively manage and monitor its review process, which requires those who wish to post a review of a product to provide an e-mail address and birth date "but not birth year." EPIC said Amazon.com's only apparent COPPA compliance mechanism is bundled in this review system.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i "In the first step of the registration process, Amazon provides a link labeled 'Under 13? Use our Kid's Review Form,'" Epic said in its filing. "In repeated visits to the Amazon site, this link did not direct the browser to the Kid's Review Form; instead, the user was forwarded back to the product page that the user was attempting to review."
EPIC also argued that Amazon.com lures children with bright colors: "Amazon uses colorful and child-like fonts for this portion of the site, while other portions of the site devoted to adult products lack such child-oriented decoration."
Amazon.com spokesman Bill Curry said in many published reports that the claim is groundless because the company does not sell to or target children. He did allow that a software glitch, which has since been corrected, was responsible for the flawed sign-in page.
Experts said the move is actually a tactical, industry-wide play in which EPIC lawyers are hoping to scare other e-commerce sites to follow COPPA laws by going for the sector's unequivocal giant, and by extension, retailers that sell children's products. More broadly, if the FTC agrees with EPIC's allegation, other businesses may be forced to reconsider how they sell children's products.
"I think a lot of sites are operating with Amazon's same approach to COPPA--this "we don't actually sell to children" argument," said Hoofnagle. "That doesn't work. No one *sells* directly to children. You market to children, which then puts pressure on parents to buy the product. We are trying to improve industry practices on collection of children's information across the board. This same complaint could have been written on any number of major Internet retailers that have taken Amazon's approach, but they all change this approach when the FTC takes action."
The FTC has been known to levy fat fines on companies it finds to be in violation of federal laws and this case is not without precedence: Mrs. Fields' Original Cookies Inc. and Hershey Foods Corp. in February agreed to pay $100,000 and $85,000, respectively, to settle FTC charges that they collected personal data from children.
The FTC has said it will review the complaint, but did not offer a timetable for when it will be addressed.
The other complainants include: Junkbusters, Commercial Alert, Consumer Action, Remar Sutton co-founder of the Privacy Rights Now Coalition, The Center for Media Education, Consumer Federation of America, The Privacy Rights Clearinghouse, The Media Access Project, Privacyactivism and Computer Professionals for Social Responsibility (CPSR).