CUNA Comment Letter

COPPA Rule Review

June 27, 2005

Federal Trade Commission
Office of the Secretary
Room 159-H (Annex C)
600 Pennsylvania Avenue, NW
Washington, DC 20580

RE: COPPA Rule Review 2005, Project No. P054505

Dear Sir or Madam:

The Credit Union National Association (CUNA) is pleased to respond to the Federal Trade Commission’s (FTC’s) request for comment on the rules implementing the Children’s Online Privacy Protection Act (COPPA). COPPA prohibits certain unfair or deceptive practices in connection with the collection, use, or disclosure of personal information from children on the Internet. COPPA also requires the FTC to now initiate a review of these rules to evaluate their implementation and to issue the results in a report to Congress. The FTC has issued a request for public comment that is intended to help the FTC in this review. By way of background, CUNA is the largest credit union trade association, representing approximately 90% of our nation’s nearly 9,100 state and federal credit unions.

Summary of CUNA’s Comments

Discussion

CUNA generally supports the rules implementing COPPA and believes the rules have succeeded in providing more privacy protections and safeguards for both children and their parents. For example, the rules prohibiting website operators from conditioning a children’s participation in an activity on disclosing more personal information than is reasonably necessary to participate in the activity protects these children from unknowingly providing information that the parents would not want disclosed.

The FTC has specifically requested comments on the use of credit cards as a reasonable means of obtaining verifiable parental consent. We do not believe that using a credit card is a reasonable means of verifying whether the person providing consent is the child’s parent since children may easily be able to obtain and use their parent’s credit card, without permission or knowledge of the parents.

The FTC has also requested comments on the continued use of a “sliding scale” approach with regard to the requirements for obtaining parental consent, in which less stringent means for obtaining such consent would apply if the information is used internally by the website operator, as opposed to being disclosed to third parties, which would require more stringent means for obtaining these consents. The FTC has previously requested comments as to whether this sliding scale approach should continue.

In our comment letter in response to this earlier proposal, dated February 15, 2005, we supported the continued use of this approach, primarily because a more cost-effective approach is not currently available. We also strongly supported the use of a more stringent and costly consent requirement if the information is disclosed to third parties because this provides incentives to use the information for internal purposes only. Website operators may be more inclined to release such information to third parties if such incentives no longer exist.

Although the request for comment did not address this issue, we support the requirement that the e-mails sent to parents as a means of obtaining consent to use the child’s information contain contact information for the website operator. We believe it is important that this information be sent to parents so that they have a means of contacting the website operator to discuss any questions or concerns.

Thank you for the opportunity to comment on the rules that implement COPPA. If you have questions about our comments, please contact Senior Vice President and Associate General Counsel Mary Dunn or me at (202) 638-5777.

Sincerely,

Jeffrey Bloch
Senior Assistant General Counsel