In 1998, Congress passed the Children's Online Privacy Protection Act to protect kids who are using the Internet from aggressive marketing techniques. In a nutshell, commercial web sites that target children cannot collect personal information from kids under the age of 13 without verifiable parental consent.

While this law creates a tool for greater parental involvement, unfortunately, compliance isn't guaranteed for every site. Additionally, implementation has a number of interesting problems. Many companies, for example, hold information from off-line and online sources, but the law only covers information collected online. In this example, the same product registration information for a child can be kept if returned by mail but not if submitted online.

Another implementation issue occurs on the website itself. Many sites that collect age information simply reject personal information from children under the age of 13. It is very easy for a child to then simply re-enter their information with an older date. This raises two issues: the business is now collecting corrupted data, and does the website operator have a greater responsibility to adhere to the spirit of the law? Ideally, a website should redirect the underage consumer to age-appropriate content. Other options might include deploying some type of persistent blocking technology, such as a cookie, when a child attempts to register online.

Federal Trade Commission COPPA site