«

»

Jun
10
2008

COPPA Certified Web site Compliance Advisory on Email Exceptions

How to Design Forward – to-a-Friend Features

In December 2007, the FTC updated the Children’s Online Privacy Protection Rule FAQs 27, 30, and 44 – all clarifying compliance regarding email exceptions. Most notably, changes to FAQ 44 clarify how Web sites can use the one-time email exception for a forward-to-a-friend feature.

TRUSTe is now recommending that our sealholders design forward-to-a-friend features on children’s Web sites to not display the sender’s email address or full name, and to immediately delete the recipient and sender’s email addresses from its systems after sending the email message. By doing this, the one-time email exception can be used.

The FAQs now specify three key practices to consider when designing a forward-to-a-friend feature for a children’s Web site.

  1. If the forward-to-a-friend feature immediately sends the message and immediately deletes both the recipient and sender’s email address, the one-time exception can be used as long as the sender’s email address or full name is not displayed within the email or in the from line. The sender’s first name and last initial can be displayed in the email or the “from line” so the recipient knows who initiated the email.
  2. If the forward-to-a-friend feature provides an option to send the message at a later date and retains both the recipient and sender’s email address until the message is sent, then the sender’s parent must be provided notice and the opportunity opt-out of further use of information. The sender’s email address or full name is not displayed within the email or in the “from line.” The sender’s first name and last initial can be displayed in the email or the “from line” so the recipient knows who initiated the email.
  3. If the sender’s email address or full name are displayed within the body of the email or in the “from line”, then the site needs to obtain verifiable parental consent before collecting this information and sending the email.

Additionally, FAQ 27 has been updated to explain what the notice to the parent must contain when a site wishes to utilize one of the email exceptions that require a notice be sent to the parent. FAQ 30 updates further clarify the requirements around utilizing one of the five email exceptions, specifically the requirements around utilizing the child safety exception. TRUSTe sealholders with questions should call their Client Services Manger or Joanne Furtsch at 415-520-3409.

Tell-a-Friend Example.

TRUSTe certified Creative Consumer Concepts develops kid’s birthday club sites for its restaurant clients. The sites have a Tell-a-Friend feature which collect the minimum amount of information needed to send the friend an email telling them about the site.

The friend receives a message and the “from line” has the address for the company sending the message: captaindsb [at] kidsbirthdayclub.com. The sender’s name or email address are not revealed in the “from line” or within the body of the email.

Comments