[OpenID] OpenID and the COPPA

tom tom at barnraiser.org
Wed Apr 2 05:27:09 UTC 2008 

Hi Brendon,

All US based OP's and consumers fall under the definition of "The 
operator" - meaning "any person who operates a website located on the 
Internet or an online service and who collects or maintains personal 
information from or about the users of or visitors to such website or 
online service."

If you store personal information obtained via 
SREG/AX/any_other_extension or from a form (as a consumer) or you give 
out information requested by SREG/AX/any_other_extension (as an OP) then 
you will need to comply with COPPA.

Here is the act for those that want to know more -> 
http://www.coppa.org/coppa.htm

Whilst it does not affect OpenID authentication specifically COPPA 
should be noted in guidelines for web developers. If you are concerned 
and you want to check your service then the way around COPPA is to 
provide an Eligibility clause in you terms of service which denies 
service to under 13 year olds. You can find an example in the Facebook 
terms of service - http://www.facebook.com/terms.php - [hint] *In a 
quick survey I found 3 OP's this morning that I know have servers in the 
US and DO NOT have COPPA protection in their terms of service*. Ladies 
and Gentlemen - you've been warned,

Tom







Brendon J. Wilson wrote:
> Hi all,
>
> I'm curious if anyone has given any thought to the possible  
> ramifications of COPPA (the Child Online Privacy and Protection Act)  
> on the proliferation of OpenID? My understanding is that COPPA  
> requires service providers to obtain permission from a parent to  
> collect, disclose, etc information from a child less than 13 years of  
> age. It appears to me that the Simple Registration Extension would  
> qualify as disclosure of the user's personal information, and hence a  
> relying party would need some way to confirm a user's age and parental  
> permission prior to, or perhaps as part of, allowing an underage user  
> to authenticate via OpenID?
>
> Brendon
> ---
> Brendon J. Wilson
> www.brendonwilson.com
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>   


-- 
Tom Calthrop
Founding director, Barnraiser.

Dedicated to giving people the tools they need to share 
knowledge and advance society through social software.

Web site: http://www.barnraiser.org/
OpenID: http://tom.calthrop.info/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080402/f6ba99ca/attachment-0002.htm>

More information about the general mailing list