FRAMINGHAM (05/01/2000) - The Children's Online Privacy Protection Act, which went into effect a couple of weeks ago, will be the most influential piece of failed legislation to hit the e-commerce world since a federal judge a few years ago tried to reverse telegraph-era case law by ruling that contracts negotiated across a wire aren't legally binding.
On its face, the act seems like any piece of well-meaning but completely impractical legislation. It mandates that sites get permission from a young prospect's parents before asking for personal information from anyone under age 13. Sites can get permission via e-mail unless they plan to share that information with business partners, advertisers or others who might be able to use demographic data for nefarious (i.e. marketing) purposes.
In those cases, the sites have to actually confirm permission by fax or phone - a logistical feat whose likelihood is vanishingly small if the number of targeted tykes grows beyond a couple hundred at best.
The problem is that the act was drafted to protect the privacy of children online while completely ignoring how people interact on the Web. Remember the "On the Internet, no one knows you're a dog" cartoon? Well, no one knows you're a 9-year-old, either.
And that means trouble for nearly all e-commerce sites. Because when the kid privacy act fails, its proponents - people who were already prepared to go overboard to shield kids from all the potential nasties on the Internet - will slam new legislation in place in the worst possible way: in a hurry, at a time when people are overreacting about the whole issue. And that will make the rule more far-reaching, more complicated for e-commerce sites and more draconian.
E-commerce companies must come up with their own legislation that effectively guarantees online privacy and defines when and how consumers can expect their information to be private.
Otherwise, they will soon be put in a position of having to accept outrageously restrictive privacy regulations that endanger the online liberty of their customers. That's because the level of oversight necessary to enforce those rules can come only if the government reserves for itself uses of your corporate data that it specifically forbids to you.
It takes only a couple of irate voters, a couple of members of Congress with a sense of moral indignation and a badly constructed piece of legislation to set this mudslide moving.
The only question is who will be buried when it hits the bottom of the hill.