Current Events in October 1999

The Federal Trade Commission today issued the final rule to implement the Children's Online Privacy Protection Act of 1998 (COPPA), which is intended to protect the privacy of children using the Internet.  The rule takes effect April 21, 2000.

"This final step achieves one of the Commission's top goals - protecting children's privacy online," said FTC Chairman Robert Pitofsky. 

"The rule puts parents in control over the information collected from their children online, and is flexible enough to accommodate the many business practices and technological changes occurring on the Internet," Pitofsky said.

The Commission recommended that Congress enact legislation concerning children following a March 1998 survey of 212 commercial children's Web sites. The survey found that while 89 percent of the sites collected personal information from children, only 24 percent posted privacy policies and only one percent required parental consent to the collection or disclosure of children's information. The COPPA received widespread support from industry and consumer groups.

The statute and rule apply to commercial Web sites and online services directed to, or that knowingly collect information from, children under 13. To inform parents of their information practices, these sites will be required to provide notice on the site and to parents about their policies with respect to the collection, use and disclosure of children's personal information. 

With certain exceptions, sites will also have to obtain "verifiable parental consent" before collecting, using or disclosing personal information from children. 

The issue of how Web sites can obtain "verifiable parental consent" generated the most interest among the commenters and prompted the Commission to hold a workshop devoted to the issue. The statute defines "verifiable parental consent" as "any reasonable effort (taking into consideration available technology) ... to ensure that a parent of a child ... authorizes the collection, use, and disclosure" of a child's personal information. 

The comments and the workshop testimony (available on the Commission's Web site) showed that certain methods of consent provide greater assurances that the person providing consent is the child's parent, but that some of these methods need additional time to develop and become available for widespread use. As noted below, the final rule temporarily adopts a "sliding scale" approach that will allow Web sites to vary their consent methods based on the intended use of the child's information.

Key Provisions of the Final Rule

• Privacy Notice on the Web Site

A Web site operator must post a clear and prominent link to a notice of its information practices on its home page and at each area where personal information is collected from children. The notice must state the name and contact information of all operators, the types of personal information collected from children, how such personal information is used, and whether personal information is disclosed to third parties.

• Verifiable Parental Consent

The final rule temporarily adopts a "sliding scale" approach that allows Web sites to vary their consent methods based on the intended uses of the child's information. For a two-year period, use of the more reliable methods of consent (print-and-send via postal mail or facsimile, use of a credit card or toll-free telephone number, digital signature, or e-mail accompanied by a PIN or password) will be required only for those activities that pose the greatest risks to the safety and privacy of children -- i.e., disclosing personal information to third parties or making it publicly available through chatrooms or other interactive activities.

• Choice Regarding Disclosures to Third Parties

The rule requires operators to "give the parent the option to consent to the collection and use of the child's personal information without consenting to disclosure of his or her personal information to third parties."

• Online Activities for which Parental Consent is Not Required

The rule sets forth several exceptions to the requirement of prior parental consent that permit operators to collect a child's e-mail address for certain purposes. For example, no consent is required to respond to a one-time request by a child for "homework help" or other information. In addition, an operator can enter a child into a contest or send a child an online newsletter as long as the parent is given notice of these practices and an opportunity to prevent further use of the child's information.

• Coverage of Information Submitted Online

The Federal Register notice accompanying the rule makes clear that the rule covers only information submitted online, and not information requested online but submitted offline.

• Role of Schools in Obtaining Consent for Students

The Federal Register notice accompanying the rule makes clear that schools can act as parents' agents or as intermediaries between Web sites and parents in the notice and consent process.

• Safe Harbor Program

The statute includes a "safe harbor" program for industry groups or others who wish to create self-regulatory programs to govern participants' compliance. Commission-approved safe harbors will provide Web site operators with the opportunity to tailor compliance obligations to their business models with the assurance that if they follow the safe harbor they will be in compliance with the rule. Sites participating in such Commission-approved programs will be subject to the review and disciplinary procedures provided in those guidelines in lieu of formal Commission action.

• Enforcement

The statute authorizes the Commission to bring enforcement actions and impose civil penalties for violations of the rule in the same manner as for other rules under the Federal Trade Commission Act.

The following press release was issued by Systemax.

PORT WASHINGTON, NY, Oct. 19, 1999 -- Systemax Inc. (NYSE: SYX) has acquired the assets, customer lists, name, and trademarks of the Proteva brand personal computer business. Proteva PCs are best known for their impressive distribution through large national and regional mass merchandisers and consumer electronics chains. Customers include Sears (NYSE: S), Value America (NMS: VUSA), and The Wiz unit of Cablevision Systems (AMEX: CVC).

Richard Leeds, Systemax Chairman and CEO, said the acquisition is part of Systemax's highly successful strategy of creating a national PC brand on an economical basis by consolidating the largely unbranded "white box" market, which accounts for more than 50% of all PCs sold. Mr. Leeds said Proteva would become part of Systemax's existing domestic PC sales, assembly and service operation.

Proteva filed a bankruptcy petition under Chapter XI on August 30, 1999. Mr. Leeds said Systemax acquired the assets for an undisclosed amount of cash and the assumption of certain obligations. Proteva, which was established in 1988 and was privately held, is based in Posen, Illinois. In addition to Proteva's skilled work force, well known brand and current sales and distribution channels, Mr. Leeds stated that the purchase provides a number of additional strategic advantages:

• Proteva's assembly operation has the capacity to produce more than 200,000 build to order PCs a year, significantly adding to Systemax's capacity to meet increasing demands.

• 
  Proteva has an experienced sales force serving retailers and value added resellers.

• 
  Proteva has been very successful at placing in-store kiosks where consumers can electronically purchase build to order PCs, eliminating the need for costly in-store inventory.

"Combined with Systemax's domestic PC operations, the Proteva assets will enable us to keep up with demand and further expand our penetration in the retail channel," said Mr. Leeds.

FTC Files Suit Against Bogus Medical Billing "Opportunity"

Data Medical Capital, Inc. and its owner Bryan D'Antonio, promised consumers that they could earn a minimum of $23,400 per year using their home computers to process medical bills for physicians with whom the defendants had established relationships. 

The Federal Trade Commission alleges that the defendants misrepresented the opportunities by bolstering false earnings claims and misrepresenting the assistance that consumers would receive in getting medical billing work.

The Commission has asked the court to continue the asset freeze, issue permanent injunctions and order the defendants to pay consumer redress.

The FTC filed its complaint in the U.S. District Court in the Central District of California against Data Medical Capital, Inc., doing business as DataMed and MedCo, and Bryan D'Antonio, also known as Brian D'Antonio. The defendants promoted and sold medical billing work-at-home opportunities via newspaper ads and an Internet web site, "www.medco.net".

According to the FTC, the scam worked like this: Data Medical advertised in the "help wanted" section of various newspapers seeking medical processors. A typical ad stated:

MEDICAL BILLING Nationwide company seeking Billers. PC required. No exp. necessary. Earn $31,500 plus. Call 1-800-262-6595.

The defendants' web site also encouraged consumers to call the listed toll-free number to learn more about the job opportunity. 

When consumers called, they were connected to telemarketers, who went into their sales pitch, emphasizing doctors' need for people to perform electronic medical billing. Consumers were told that the defendants would arrange for the consumer to receive generally between 150-250 claims per week from doctors with whom the defendants had business arrangements, and that consumers would earn from $3 to $5 per claim. 

Consumers were then told that in order to take advantage of the Data Medical opportunity all they would have to do is pay $299 - $399 for a software package, which would include the medical billing software, a tutorial and instruction manual, and the names of their prearranged physician clients. When consumers complained that the Data Medical opportunity had been misrepresented, the defendants would not refund the purchase price.

The FTC complaint alleges that the defendants falsely represented that consumers who purchased the medical billing opportunity would earn a minimum of $23,400 per year. The complaint also alleges that the defendants falsely represented that they would arrange for consumers to receive medical billing work from physicians with whom the defendants had established relationships. According to the FTC, consumers, in fact, did not earn the promised income, and the physicians referred to did not even know of Data Medical and did not want or need the services offered.

The Commission vote to authorize staff to file the complaint in district court was 4-0.

The Commission filed the complaint in the U.S. District Court, Central District of California, Southern Division, in Santa Ana, on October 14, 1999. The judge signed the TRO with Asset Freeze on October 15.

Joan E. Lisante is an attorney who writes frequently on consumer issues.