By Keith Klein and Matthew Fojut


The marketing of products and services started with the shingle outside a proprietor’s store and expanded dramatically over the past century. Franchising proved a significant contributor to that expansion, making it possible for branded products and services—originally only available in a limited geographic region—to be recognized and available to everyone everywhere.

The rise of the Internet has further transformed the scope of marketing, creating new mediums for communication on an immediate and global scale. This transformation has created new opportunities for businesses and, of course, new issues for lawyers. For franchising, with its history of relegating global marketing to the franchisor and local marketing to independently owned franchisees, this new, easily accessible, and pervasive medium has proven problematic.

Imagine, for example, that a New York City franchisee offers a discount to the first fifty customers who respond to a Twitter post. With thirty franchised locations in Manhattan, consumers may be unable to determine which locations are extending the offer. This may result in confused consumers responding to “tweets” at nonparticipating locations and, equally troubling, frustrated franchisees embroiled in disputes with neighboring franchisees after being forced to honor another’s social media promotions. Requiring franchisees to identify the participating locations on social media posts sounds like an easy solution, but it may not be feasible on sites such as Twitter, where precious few characters (limit of 140) are permitted.

As counsel to businesses that seek to embrace the Internet, practitioners are expected to understand Internet marketing, identify potential legal pitfalls, establish a legal framework to pursue Internet-based endeavors safely and effectively, and respond to issues as they arise. This chapter seeks to familiarize counsel with the dynamics of online marketing, both to consumers and prospective franchisees, on general communications, and offer some practical and legal solutions for franchise systems. Additional information concerning the structure and operation of national marketing funds, and local advertising and cooperative advertising can be found in Chapter 7 of this publication. Because Internet marketing continues to develop, practitioners are encouraged to stay current on legal developments and confirm the state of the law before providing counsel on material issues.2


The prevailing forms of communication on the Internet are generally categorized into three formats. The original format, known as Web 1.0, consists of one-way broadcasting in which only the business (or Web site owner) publishes information and no meaningful way exists for the user to respond in the same medium.3This is most closely analogous to television and radio advertising. Web 1.0 enables a Web site publisher to control its messages carefully, vetting content before publication and modifying content at its discretion. Because of this extensive control over content, Web 1.0 communication has been widely embraced and now, barely fifteen years since its introduction, it is deemed an almost mandatory component of marketing in the modern-day business environment.

The second form of communication, known as Web 2.0, encompasses previously unavailable forms of mass communication, whereby a conversation between the author of the content and others is broadcast worldwide in microseconds in a medium that enables others to comment or participate equally as immediately.4 At present, the most widely recognized Web 2.0 format is social commerce, a broad term that refers to user-generated advertorial content on e-commerce sites that allow consumers to advise one another about and help each other locate goods and services for purchase.5 This includes all Web sites containing customer ratings and reviews, shopping tools, forums and communities, social media applications, and social advertising. With the recent exponential growth of these Web sites, Web 2.0 is a major focus of online marketers today, but many businesses have not embraced Web 2.0 as fully and quickly as they embraced Web 1.0. Some of those who have entered the world of Web 2.0 have experienced great success, while others have experienced potentially devastating consequences, thus many businesses have simply remained on the sideline waiting for the practical and legal landscape to become more clearly defined.

Even as Web 2.0 continues to evolve and gain traction, technological developments have brought the Internet to the cusp of the third form of communication, Web 3.0. This term, reportedly coined by New York Times writer John Markoff, refers to an “intelligent web” that converts the Internet into a personalized catalog “with the machines doing the thinking” instead of an aggregation of billions of documents that can be vetted through Boolean and other rudimentary electronic searches.6 As of the date of publication, Web 3.0 has not developed in a manner that permits a meaningful discussion about its impact on franchising or its legal ramifications, but it will no doubt present further unique complexities for franchise systems.


The first steps in establishing a presence in the traditional marketplace are staking out real estate and developing a brand. The Internet marketplace is no different, though practically speaking, these first steps are easier and cheaper to accomplish. As the Internet business environment continues to grow, however, the relative ease and low barrier to entry have created congestion and given rise to issues not experienced in the traditional marketplace.

The first critical issue unique to the online environment is the particular scarcity of Internet real estate–domain names. Under trademark law, a fast casual dining brand and a day spa brand could co-exist in the marketplace with the same trade name without issue. On the Internet, however, room exists for only one business to have the name associated with [brand].com, which therefore generates significant demand for that particular online real estate. One relatively high-profile and early example of this problem was a dispute over the domain name www.candyland.com between an adult entertainment provider (which had registered the name first) and Hasbro, a well-known board game manufacturer.7 Further complicating things is the fact that other businesses, whether for legitimate or nefarious purposes, may seek to obtain a domain name that is, for example, one typographical error away from being an identical domain name. As a widely discussed case in point, Zero Micro Software obtained a registration for micros0ft.com (with a zero in place of the second “o”), leading Microsoft to send a cease and desist letter, which ultimately led to Zero Micro Software’s discontinued use of the domain name.8

Clearly, the apparently limitless resources of the Internet quickly narrow under the demands for unique domains, and the same issue has quickly developed in the realm of social media sub-domains, which will be addressed later in the chapter. While every business seeking an online presence faces the real estate scarcity issue, the situation is significantly more complex in the world of franchising. Until recently, Internet marketing was largely reserved for the franchisor to focus on building overall brand recognition. With the evolution of Web 2.0, however, franchisees have expressed frustration about their inability to tap the Internet’s ability to enhance regional marketing as well. With franchisee pressure increasing, how can a system maintain control over domain names and social media sub-domains (particularly those containing its trademark) and at the same time enable franchisees to embrace the Internet and social media?9 To address those questions, it is first necessary to understand the process for the registration of domain names and social media sub-domains.


Until recently, securing domain name rights only involved two primary steps: (1) obtaining trademark rights and (2) registering the desired brand with a Top Level Domain (TLD), e.g., .com, .net, or .org, by purchasing it from either a domain registrar or a private party. Ongoing developments with TLDs and the proliferation of social media sites now necessitate a more strategic and forward-thinking approach to this process.


Almost inherently implied in an online brand presence is the existence of a trademark or trade name. The process of registering a trademark is not addressed in this chapter, but a brief discussion of related issues is appropriate. Some of the most frequent and potentially costly missteps in registering a domain name occur when the registrant fails to undertake an adequate trademark search and further fails to register the domain name with the United States Patent and Trademark Office (USPTO) without the TLD. For purposes of a good faith search before submitting an application, a search engine query of the desired domain name is a decent first step; however, a full trademark search should be conducted before investing substantial capital to purchase the domain name and brand the underlying Web site.10

The proliferation of branded Web sites since the late 1990s has placed quite a strain on the federal trademark framework.11 It stands to reason that the USPTO examiners (and possibly judges and juries) may take into account the dearth of available trademarks and favor new brand entrants to stimulate new business ventures—potentially having the effect of shrinking the existing protections of current trademark owners. There seems to be good news and bad news for brand owners from such a phenomenon. While it may become easier to secure domain and related trademark rights as a new brand entrant, new brand threats will undoubtedly emerge in the future. It is already challenging to (1) conceive of a powerful and relevant brand, (2) register a domain name related to the brand, and (3) get comfort that the brand does not infringe upon another’s trademark. As the Internet continues to expand, it will narrow the breadth of protection afforded to trademark owners.


Formed in 1998, the Internet Corporation for Assigned Names and Numbers (ICANN) is a not-for-profit, public-benefit corporation responsible for coordinating and ensuring the overall stability of the global Internet’s systems of unique identifiers: domain names, Internet protocol numbers and autonomous system numbers.12 The technical management and operation of the Internet is not particularly relevant to franchise law practitioners, but as briefly described now, monitoring ICANN’s management is becoming increasingly important.

In the 1990s, the domain name registration process was rather simple—go to www.networksolutions.com or another of the then relatively few registrars, enter the desired name and limited additional information, pay a registration fee, and enter the date for the expiration of the registration. Today, however, even the relatively mundane task of registering a domain name involves strategic and budgetary considerations.

First, almost everyone seeks a .com, .net, or .org domain name. Unless the desired name consists of a “fanciful” trademark,13 it is now rare to find domain names available for registration or for purchase from third parties at a low purchase price. Strategies to obtain the desired domain can vary. If assigned the task of registration, some basic issues should be considered.

  1. Investigate Registration Options. Merely inquiring at an Internet registrar regarding availability of a proposed domain name may alert others of interest and thus enhance the potential value of the name. Therefore, when conducting an inquiry, be prepared to execute immediately if the name is available, otherwise the name may be registered shortly thereafter by others. In all likelihood, the domain name being sought will already be registered and either actively used for a primary purpose Web site or parked by the registrant for an alternative purpose. In either event, be sure to review the registration information carefully as the name may be scheduled to become available soon or, at a minimum, the expiration date may provide insight regarding the current registration’s length of use and how the registrant obtained ownership of the domain name.
  2. Evaluate the Current Use of the Domain Name. Pre-existing use of the domain name as a primary purpose Web site typically bodes poorly for an easy or inexpensive acquisition, unless it is being overtly used by a competitor or other party for an improper purpose, a process often referred to as cybersquatting (see Section III.A.3 below). Most cases of cybersquatting are readily apparent, but a more discreet form of cybersquatting occurs when domain name registrars and private parties “park” domains and place search engine links on the parked Web pages, thereby deriving revenue from unsuspecting traffic searching for branded Web sites.14 While this practice is generally legal, it may cross the line when implemented as a way of driving traffic to a competitor’s Web sites.
  3. Develop an Acquisition Strategy. Efforts to purchase an existing domain name through a negotiated business transaction require a comprehensive understanding of the marketplace, an investigation of the registrant’s intended purpose, and some luck. Basic steps should include the analysis of a legal right to acquire the name, the expression of interest conveyed from a generic e-mail account, and the use of a simple but comprehensive domain name assignment agreement. Sending an expression of interest from a law firm e-mail account and using complex assignment agreements can imply an enhanced value to the name. If current use of the domain name involves cybersquatting, evaluate the likelihood of success through available legal recourse and the associated costs.

A second strategic step when registering domain names involves investigating other available potentially useful domain names. This may seem intuitive, but consider other TLDs as well. As the Internet further expands, this may become critical. For example, ICANN has already started accepting applications for new TLDs to provide more innovation, choice, and competition on the Internet. Additional TLDs may be in the works as ICANN continues to solicit input about opening TLDs to any string from three to sixty-three characters in length, which may be supported by a number of other scripts (e.g., Chinese, Arabic, etc.). Groups representing cities such as New York (i.e., .nyc), charities (i.e., .green), and generic terms (i.e., .franchise, .hotel, .autos, etc.) have previously expressed interest in proposing new TLDs. Even multi-national companies have expressed interest in their own TLD, i.e., .deloitte.15 Keeping current with the proposed TLDs and possibly proposing others may become an integral part of the domain name registration process. For some franchise systems in particular, it may make sense strategically and economically to create a TLD with the brand name.


As mentioned above, companies often encounter the problem of cybersquatting when attempting to register a specific domain name. Cybersquatting occurs when someone registers or otherwise uses a domain name with the intent to profit from the goodwill of a distinctive brand belonging to someone else, or holds the domain for ransom.16

The Lanham Act proved inadequate as a comprehensive resource for trademark owners seeking to compel transfer of domain names from a third party. While it provided businesses with a sufficient remedy against another company offering the same or similar products or services—based on a likelihood of confusion—it failed to work as a powerful tool for trademark owners pursuing claims against registrants that used the mark for other potentially improper purposes. For example, it was virtually impossible to prove several elements of Lanham Act claims against individuals who did not use the trademark in commerce and merely sought to extract a significant payment for the domain name. Indeed, the Lanham Act struggled to be effective in most cybersquatting cases unless the claimant could demonstrate that the mark at issue was deemed “famous” as contemplated under existing law.

In an effort to address some of the Lanham Act’s weaknesses, in 1999, federal legislation known as the Anticybersquatting Consumer Protection Act17 (ACPA) was enacted to prevent the registration of domain names containing third-party trademarks to registrants not intending to create a legitimate Web site, but rather intending to sell the domain name to the trademark owner at an inflated price. Pursuant to the ACPA, a trademark owner may bring a lawsuit against a domain name registrant who registers or uses a domain name that is “identical or confusingly similar” to either a distinctive trademark or dilutive to a “famous” trademark and has a bad faith intent to profit from such use of the domain name.

Filing a lawsuit alleging violations of ACPA can be expensive and time consuming—both major impediments to launching a successful online brand presence. It is thus important to know that ICANN implemented the Uniform Dispute Resolution Policy (UDRP) as a mechanism for brand owners to easily and efficiently address the problem of cybersquatting better. Under the UDRP, as part of the registration of any domain name, the registrant consents to participation in the UDRP’s form of alternative dispute resolution and agrees to abide by the dispute resolution’s results. The success rate of reclaiming a domain name under the UDRP is high (near 85 percent).18 The typical dispute resolution takes less than a month and costs less than $3,000. The recent trend of dispute resolution panels under the UDRP is to place a burden on the alleged cybersquatter to show some evidence of performing due diligence to determine whether registration of the domain name in question infringes the rights of any third party. This is noteworthy as it could expand the scope of registrations that might be subject to a bad faith argument. New registrants should therefore also be aware of potential affirmative duties in selecting and registering domain names.


The proliferation of social media Web sites has created new worlds of Internet real estate where establishment of the brand may be critical. Many social media Web sites enable a company to establish its own page to attract and communicate with consumers participating in the site’s particular activity, i.e., www.[social-mediaWeb site].com/brandname. Registering a brand on social media sites is generally not complicated. Facebook.com, for example, encourages brands to develop a community on its Web site. Registering a brand on the site involves nothing more than clicking the link on the lower right portion of the facebook.com homepage and following the prompts.

Unlike domain names, however, registration of a Web page on a social media Web site is not subject to ICANN directives, and instead generally falls within the jurisdiction of the company administering the site. Oftentimes, this actually provides for a more orderly administration of Web pages. For example, unlike ICANN’s administration of domain names, social media Web sites generally prohibit use of generic names—such as food, hotel or franchise—as the sub-domain name, thereby prohibiting one brand from dominating an entire generic category. Most social media Web sites also require the registrant to affirm that he or she is the brand’s authorized representative to create the Web page, which can help deter or prevent others from taking a brand name subdomain without authorization or a legitimate business purpose. Because companies desire to have brand presence on multiple sites, and the preferred sites can change rather quickly, familiarity with the unique terms and conditions of each of the most popular social media Web sites du jour has become increasingly critical for a practitioner desiring to be conversant in social media issues.19


Social media Web sites have established their own policies to address claims of infringement on trademarks and other intellectual property. A survey of the policies of some of the more popular social media Web sites is set forth below:

  • Facebook. Facebook has established a procedure for parties that are either cybersquatting on a trademarked username or are falsely posing as another party. To report cybersquatting, a claimant must complete a form requesting that the username be transferred.20 For impersonators, claimants must go to the impostor profile, click “Report this Person,” check the “Report this Person” box, choose “Fake Account” as the reason, and add “Impersonating me or someone else.”21
  • Pinterest. Pinterest, in appropriate circumstances and in its discretion, may “disable and/or terminate the accounts of users who repeatedly infringe or are repeatedly charged with infringing the copyrights and other intellectual property rights of others.” In accordance with the Digital Millennium Copyright Act of 1998, Pinterest will respond expeditiously to claims of copyright infringement that are reported to Pinterest’s Designated Copyright Agent.22
  • Twitter. Twitter maintains a trademark-specific policy that bars “using a company or business name, logo, or other trademark protected materials in a manner that may mislead or confuse others with regard to its brand or business affiliation.”23 In instances where there is “clear intent to mislead others” through the unauthorized use of a trademark, Twitter will suspend the account and notify the account holder. When there is confusion about the account, but it is not “purposefully passing itself off as the trademarked good or service,” Twitter will notify the accountholder and provide him or her the opportunity to clear up any potential confusion.24 Twitter allows for commentary, news feeds, and fan accounts to discuss trademarked material, as long as the account information does “make it clear that the creator of the account is not actually the company or business entity that is the subject of the news feed/commentary/fan account.”25 If the account is “reported to be confusing,” Twitter may request that the accountholder make additional changes. Twitter also provides for a reporting process in the event that a claimant discovers a violation of the trademark policy.26 The procedure allows for the claimant to specify the requested action, including “removal of infringing account, or transfer of trademarked username to an existing company account.”
  • LinkedIn. LinkedIn uses a general catch-all policy to prohibit all types of intellectual property infringement. The site requires that “information posted by Users be accurate, lawful and not in violation of the intellectual property rights of third parties.”27 In enforcing this policy, LinkedIn may remove or disable access to infringing content if it receives the proper notification that the content “infringes intellectual property rights, is inaccurate, or is otherwise unlawful.”28 LinkedIn also permits users to refute claims of infringement by submitting a counter-notice.29 LinkedIn will, “in appropriate circumstances and in [its] discretion,” disable the accounts of repeat infringers.


It is important for brand owners to understand that the ACPA, UDRP, and social media terms and conditions will not trump basic guarantees of free speech. Almost all successful brands face critical commentary at one time or another. Many online brands will find themselves the subjects of so-called gripe sites.30 Gripe sites are Web sites or social media Web pages devoted to criticism and complaints of certain brands and can certainly test brand loyalty. For the most part, such Web sites are protected commercial speech. In a U.S. district court case arising out of the ACPA, the court reaffirmed that gripe sites are protected under the First Amendment, and in most circumstances will not be subject to a claim of bad faith under the ACPA.31 In deciding whether the defendant had registered its domain names www.mayflowervanlinebeware.com and www.mayflowervanline.com with the bad faith intent to profit from the plaintiff, the court found the “Defendant’s motive for registering the disputed domain name[s] was to express his customer dissatisfaction through the medium of the Internet” and was therefore not in bad faith. UDRP panels are likely to follow this reasoning as well.

While the battle may be difficult, there may be some relief for brand owners in challenging gripe sites. In Career Agents Network, Inc. v. Careeragentsnetwork. biz,32 the court held that a site that has no commercial purpose, but merely contains commentary and criticism, is protected.33 Such a decision suggests that, if there is any profit motive on the part of the owner of the gripe site, the brand owner might prevail. Profit motive may be established if the Web site is displaying search engine links using the brand or if the owner of the gripe site has some connection with a competitor.34 Another way to prove profit motive is to offer the gripe site owner payment to take down the site or retract the criticisms. If the owner accepts or negotiates the payment amount, that evidence could be used in favor of the brand owner. However, the publicity of such an attempt could backfire on the brand owner.


With domain names and social media pages secured, the skeleton of an Internet presence has been created. Determining the content to be included on the Internet presents the next challenge. For company Web sites, it is essential to include Web 1.0 features, such as descriptions of offered products or services, available locations and contact information, competitive marketing information, and promotional materials. Determining Web 2.0 content demands more ingenuity and forethought. The following includes a brief discussion of some generally applicable laws.


A primary concern with Web 2.0 content involves claims of infringement upon third-party rights for user-generated content. Two federal laws, The Digital Millennium Copyright Act and the Communications Decency Act, address this area of concern. Another major concern involves the rules of engagement with minors, addressed by additional federal legislation known as the Children’s Online Privacy Protection Act.


Potential liability arising from a third party’s works of art contained in user-generated content posted on the company’s Web site or social media Web page is a legitimate and natural concern faced by all participants in the social media process. In 1998, well before the onset of social media, Congress enacted the Digital Millennium Copyright Act (DMCA), in part to address potential copyright liability occurring on the Internet due to acts of individuals other than the Web site owner/operator. Title II of the DMCA, called The Online Copyright Infringement Liability Limitation Act,35 establishes a safe harbor for Web site operators from copyright infringement claims, provided that the Web site qualifies for such protection and the operator expeditiously complies with the statute’s provisions in the event of an infringement claim.

To qualify for protection under the DMCA, a company or individual must be an Internet service provider (ISP) or an online service provider. What does that mean? Although the definition has yet to be heavily litigated, in its most simplistic sense, the term encompasses any company that provides an online service, such as Web sites, discussion forums, chat rooms, Web mail, etc. The limited cases interpreting the meaning of the term have embraced a Congressional directive to interpret the phrase broadly.36 In addition to falling within the definition of “service provider,” a Web site also must “not receive a financial benefit directly attributable to the infringing activity” and it must not have actual or constructive knowledge that it is hosting the infringing material.37 The existence of a repeat infringer policy is also critical for service providers to avail themselves of the DMCA’s safe harbor provisions. Service providers must have a “policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers.”38

A recent landmark case concerning DMCA protection is Viacom Int’l, Inc. v. YouTube, Inc.39 Viacom filed suit for $1 billion in damages against the YouTube creators alleging deliberate copyright infringement allowance to build traffic to the Web site. Viacom had sent a list of 79,000 takedown notices for removal, and YouTube promptly removed the content the next day.40 The trial court held that YouTube did not have actual or “red flag” knowledge of the copyright infringement, despite strong evidence in the form of e-mails amongst YouTube’s founders stating otherwise. The court deferred to YouTube’s repeat infringer policy: “three strikes and out.”41 Although YouTube gave one strike for any takedown notice with multiple videos and one strike for multiple takedown notices within two hours, the court accepted the policy as long as something was in place and enforced. However, on appeal, the court held that YouTube committed willful blindness, and did in fact have “red flag” knowledge of the copyrighted material. The reversal by the court of appeal suggests that service providers may be best served at least to have a moderate repeat infringer policy, generally consisting of a three-strike limit.42 Further, if a service provider is made aware of infringing material, even without actual knowledge, courts may impute that the service provider still have “red flag” knowledge, thus exposing the provider to vulnerability. More importantly, however, the decision reiterates that there is no affirmative monitoring requirement for infringing material by service providers—it must be brought to their attention.43

Assuming the Web site qualifies for the safe harbor, the DMCA mandates that the Web site identify a designated agent to receive takedown notices and that it expeditiously comply with such notices. It also includes a counter-notification provision that offers a safe harbor from liability to their users upon notice from such users claiming that the material in question is not, in fact, infringing. While these provisions are set forth under United States law, the same basic procedures have generally been adopted worldwide: for example, in South Korea’s Section 102 and 103 of Copyright Law of Korea, and in the European Union’s Electronic Commerce Directive, which was subsequently implemented by its member states (i.e., France’s Digital Economy Law).44


In 1996, Congress enacted the Communications Decency Act (CDA).45 Certain portions of the CDA have since been struck down as unconstitutional, but the operative portion for companies’ social media features remains intact. In Section 230 of the CDA, Congress provided for protection for online service providers from actions against them based on the content of third parties. It provides, in pertinent part, that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”46 This immunity is subsequently qualified; however, in that Congress instructs courts to construe the immunity provided under the CDA “in a manner that would neither ‘limit or expand any law pertaining to intellectual property.’”47 “As a result, the CDA does not clothe service providers in immunity from laws pertaining to [federally recognized] intellectual property.” 48

The primary inquiry into whether an interactive computer service qualifies for protection under the CDA is whether it constitutes as an information content provider. Case law suggests that a provider does not have to provide tortious content overtly and actively to be found liable. For example, in Fair Housing Council of San Fernando Valley v. Roommates.Com, LLC, the plaintiff brought housing discrimination claims against a Web site designed to match people renting out space to live. The Web site required users to create a profile and disclose his/her sex, sexual orientation, and family status.49 The Web site also provided a search engine with a drop-down menu to sort by these factors.50 Based on these and other features, the Web site asserted immunity under the CDA, arguing that it did not provide any discriminatory information.51 However, an information content provider is defined as someone who is “responsible, in whole or in part, for the creation or development of” the offending content.52 The court held that the questions, profiles, and drop-down menus regarding private information were not immune from the CDA because they “elicited” and “induced” particular responses, thus allowing the Web site to contribute to the information provided.53 The court, however, further found that the “additional comments” section was protected under the CDA because it was a neutral tool that did not prompt or entice any comments. Thus, even asking certain questions and providing a standardized template for answers can leave a service provider open to liability. Service providers may be well served to exercise care in trying to obtain information from users in a neutral manner such as an open text box or “additional comments” section.

Subject to the above-described limitations, the CDA effectively shields ISPs and Internet users from liability for torts committed by others using their Web site or online forum, even if the provider fails to take action after receiving actual notice of the harmful or offensive content. The CDA’s broad immunity has come under fire from time to time because it permits Web sites to disregard defamatory or other injurious content. If an issue presents itself, the best practice is to ensure that neither Congress nor the courts have narrowed its protections.


In addition to the safe harbor laws, Congress also imposed obligations on Web sites that enable interaction with users. One of the more notable is the Children’s Online Privacy Protection Act54 (COPPA) which, as modified and effective April 21, 2000, applies to the online collection of personal information from children under thirteen years of age. Personal, identifiable information typically includes name, e-mail, phone number, social security number, and address, and can also be combined with other distinguishing physical characteristics such as eye and hair color.55 COPPA applies to commercial Web sites and online services that are either directed to children under thirteen years old or have actual knowledge that children under thirteen are providing information online. It mandates what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online, including restrictions on the marketing to those under thirteen.56 COPPA mandates that a Web site operator must include in its privacy policy the following: (1) the contact information of all operators; (2) what information is collected as well as why and how it is used; (3) whether such information is divulged to third parties; (4) that parents must be able to consent to the service or action without consenting to third-party dissemination; (5) that the operator cannot collect more personal, identifiable information than is necessary; and (6) that operators must give parents the option to review and delete any information collected. In addition, if the operator discloses personal, identifiable information to third parties, it must obtain verifiable parental consent.57

As of the date of publication, the Federal Trade Commission (FTC) has proposed updates to COPPA, intended to strengthen its protection further against the collection of personal, identifiable information for children under thirteen years of age and younger. The commission proposes to state within the definition of “operator” that personal information is “collected or maintained on behalf of” an operator, where it is collected in the interest of, as a representative of, or for the benefit of, the operator. This change would make clear that an operator of a child-directed site or service that chooses to integrate the services of others that collect personal information from its visitors should itself be considered a covered “operator” under the rule.58 The commission also proposes to modify the definition of “website or online service directed to children” to clarify that a plug-in or ad network is included if it knows or has reason to know that it is collecting personal information.59 To address the reality that some Web sites are appealing to both young children and adults, the proposed definition change would allow these mixed audience Web sites to age-screen all visitors to provide COPPA’s protections to users under age thirteen.60 Finally, the commission proposes to modify the rule’s definition of “personal information” to make clear that a persistent identifier will be considered personal information where it can be used to recognize a user over time, or across different sites or services, and where it is used for purposes other than support for internal operations.61

The FTC enforces COPPA with regularity and tenacity. It has brought a number of actions against Web site operators for failure to comply with COPPA requirements, including actions against franchisors such as Mrs. Field’s Cookies.62 The FTC also has not been hesitant to pursue social media Web sites, fining social media Web site Xanga $1 million for repeatedly allowing children under thirteen to sign up for the service without getting parental consent.63 And, when the FTC does take action, $1 million fines are not entirely uncommon. For example, the FTC recently settled with Sony BMG for $1 million because it collected personal, identifiable information from over 30,000 underage users without verifiable parental consent, even though Sony stated in its privacy policy that underage users would not be allowed access and personal information would not be collected from them.

Only gold members can continue reading. Log In or Register to continue

Jul 28, 2015 | Posted by in General Dentistry | Comments Off on 1: SYSTEM INTERNET COMMUNICATIONS
Premium Wordpress Themes by UFO Themes