CUNA Comment Letter

Children's Online Privacy Protection Act (COPPA)

February 15, 2005

Federal Trade Commission
Office of the Secretary
Room 159-H (Annex Y)
600 Pennsylvania Avenue, NW
Washington, DC 20580

RE:    Sliding Scale 2005, Project No. P054503

Dear Sir or Madam:

The Credit Union National Association (CUNA) is pleased to respond to the Federal Tradez Commission’s (FTC’s) proposal to amend the rules implementing the Children’s Online Privacy Protection Act (COPPA). The amendment will make permanent the temporary provision that allows website operators to obtain parental consent by e-mail when they collect information from children that is used only for internal purposes. By way of background, CUNA is the largest credit union trade association, representing approximately 90% of our nation’s nearly 9,300 state and federal credit unions.

The FTC issued rules in November 1999 to implement COPPA and included provisions allowing operators of websites directed at children to use e-mails as a means of obtaining parental consent for the collection of personal information from children. These provisions regarding e-mail consents apply to personal information that is being collected only for internal use and must also include a means to confirm that consent was received from the parent. For personal information that a website operator may share with third parties, COPPA has and will continue to require more secure means of obtaining verifiable consents.

These provisions regarding e-mail consents were intended to be temporary and set to expire on April 21, 2005 with the expectation that the FTC would amend these provisions to include updated methods, based on the cost and availability of new technologies that may exist. The FTC now proposes to make permanent the use of e-mails for purposes of obtaining these consents because the expected progress in technology has not occurred.

CUNA supports the FTC’s proposal to make permanent the provisions regarding e-mail consents for information that is used for internal purposes. The use of e-mails, along with a means to verify that consent was received from the parent provides a flexible approach to protect information from children that is used solely for internal purposes.

We appreciate the FTC’s original intent to make these provisions temporary with the idea of amending them to incorporate new technologies that may develop. We agree it makes sense to make them permanent now since the expected progress in technology has not occurred. There is very little, if any, downside to this approach since the FTC will continue to have the authority to change these provisions in a future rulemaking if the technology evolves to the extent that warrants such a change.

The FTC specifically requested comments on what effect eliminating the sliding scale would have on the information collection and use practices of website operators. The current sliding scale approach outlines different consent requirements depending on how the information is used and requires more reliable and costly methods of obtaining parental consent for disclosure of children’s information to third parties, as compared to the methods for obtaining consent for information that is used for internal purposes.

We believe that without the sliding scale controls in place, website operators will be more inclined to release information to third parties, since monetary incentives to use the information for internal purposes only would no longer exist. We believe that external release of information increases the likelihood that the information could be misused and agree with the proposed rule’s Statement of Basis and Purpose that “disclosures to third parties are among the most sensitive and potentially risky uses of children’s personal information.” Therefore, we encourage the FTC to retain the sliding scale approach. By retaining this approach, website operators will continue to have monetary incentives to collect children’s information for internal purposes only. Although a concern may be how to determine if the consent actually comes from the parent, we believe the industry and the FTC can monitor this approach to determine if this becomes a problem and to take any necessary actions if these problems arise.

Thank you for the opportunity to comment on the proposal to make permanent the temporary provisions that allow website operators to obtain parental consent by e-mail for information used for internal purposes. If you have questions about our comments, please contact Senior Vice President and Associate General Counsel Mary Dunn or me at (202) 638-5777.

Sincerely,

Jeffrey Bloch
Assistant General Counsel