In article <214DF639-87DC-46D7-9731-F51027EBA97E@xxxxxxxxx> you write: >My only issue is that it claims our websites are not for use by children under 13. They most certainly are. No, it says they are not *intended* for children under 13. Words matter, particularly in legal documents, and it's important to read them carefully enough to understand what they mean. Having written a chapter on COPPA for a legal encyclopedia, I can report that the law is actually pretty reasonable, as is the section of our proposed privacy policy. Intended means what it sounds like, there's nothing on our web sites aimed at kids, with typical examples being cartoons and games. It specifically does not mean that children are forbidden to use our sites, nor does it mean that we have to take any measures to keep children out. (For sites that really are intended for children, there's a comprehensive set of rules with compliance generally outsourced to a handful of specialist companies in the marketing and entertainment industries.) COPPA discourages collection of PII from children without their parents' consent, so insofar as we are able, we should avoid doing so. If it became apparent that a participant on an IETF list (or, hypothetically an I-D author) were under 13 it would be a good idea to suspend the child's subscription and tell her to have her parent write to the list owners, so we could explain what the IETF is, how the mailing lists work, and ask whether the parent is OK with her participation. It would also be a good idea since a 12 year old child cannot meaningfully agree to the Note Well. For more info on COPPA, Google is your pal. You're in Canada, and I have no idea whether the IETF's contacts with Canada are sufficent that PIPEDA would apply, although I would guess that our practices would be fine under PIPEDA. If anyone cares I have contacts at the OPC I could ask. R's, John