Re: [IAOC] [IAB] Proposed IETF Privacy Policy for Review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Mar 17, 2016, at 8:27 AM, Scott Bradner <sob@xxxxxxxxx> wrote:

the lawyers we consulted said that it was important to say what was said

setting up a web site designed for people under 13 is a major effort (verifying ages of users etc)

this from the Wikipedia article (and we all know that means it is perfectly correct :-) )

In December 2012, the Federal Trade Commission issued revisions effective July 1, 2013, which create additional parental notice and consent requirements, amended definitions and added other obligations, for organizations that (1) operate a website or online service that is “directed to children” under 13 and that collects “personal information” from users or (2) knowingly collects personal information from persons under 13 through a website or online service.[16] After July 1, 2013, operators must:[17]

  • Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from persons under age 13;
  • Make reasonable efforts (taking into account available technology) to provide direct notice to parents of the operator’s practices with regard to the collection, use, or disclosure of personal information from persons under 13, including notice of any material change to such practices to which the parents has previously consented;
  • Obtain verifiable parental consent, with limited exceptions, prior to any collection, use, and/or disclosure of personal information from persons under age 13;
  • Provide a reasonable means for a parent to review the personal information collected from their child and to refuse to permit its further use or maintenance;
  • Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected from children under age 13, including by taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security; and
  • Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
  • Operators are prohibited from conditioning a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.[18]

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]