Is your business' website geared toward kids? If so, you may not want to link to Twitter or Pinterest, or else you may face the wrath of the Better Business Bureau. Just look at what happened to Build-A-Bear.
The always popular Build-A-Bear Workshop removed links to Twitter and Pinterest after the BBB's Children's Advertising Review Unit (CARU) came calling. Build-A-Bear's site failed to comply with CARU's self-regulatory guidelines, as well as the federal Children's Online Privacy Protection Act, according to MediaPost.
The Act, perhaps better known as COPPA, broadly prohibits website operators from collecting personal information from children younger than 13 without parental consent. So what was Build-A-Bear doing wrong, and what lessons can other business owners learn?
Build-A-Lesson 1: Have Fully-Functional Session Cookies.
BuildABear.com, which sells teddy bears and other stuffed animals, requires users to enter their names, emails and other personal information in order to create an account. To comply with COPPA, the site also asks users to enter a date of birth -- and if they are under 13, to provide a parent's email address.
But because of an apparent glitch, Build-A-Bear didn't store that data in a session cookie, reports MediaPost. Tech-savvy kids could take advantage of that lack of a stored cookie. Children who entered their real birthdates and were denied access could simply hit the "back" button on their browsers and try again with a different birthdate -- with zero parental consent involved.
Build-A-Lesson 2: Only Link to Websites That Comply With CARU.
BuildABear.com had links to Twitter and Pinterest on its home page. This is a problem because "neither Pinterest nor Twitter does age-screening and children are able to input personally identifiable information," CARU said in its decision.
The FTC's COPPA regulations generally don't ban links to other sites. Still, to play it safe, it's best to only keep company with those who are also in compliance with CARU's self-regulatory principles.
If you have a child-directed site, don't link to websites that don't comply with CARU's guidelines. Kid-friendly websites should link to other sites that also use age-screening mechanisms if there is a "reasonable expectation" that children will visit.
Follow FindLaw for Consumers on Google+ by clicking here.
- How to Keep Web Businesses Out of COPPA Trouble (FindLaw's Free Enterprise)
- Broken Thumbs Apps Collected Children's Data: FTC (FindLaw's Free Enterprise)
- 7.5 Million Underage Facebook Users (FindLaw's Law and Daily Life)
- FTC Issues 8 New Rules to Protect Children's Online Privacy (FindLaw's Technologist)