Mailing List Archive

On 9/8/06, Anthony <wikilegal@inbox.org> wrote:
> Xanga just got hit with big fines for "repeatedly allowing children
> under 13 to sign up for the service without getting their parent's
> consent". How does COPPA affect Wikimedia projects?

The Wikimedia Foundation is exempt from COPPA due to its status as a
non-profit organization not engaged in commerce. No Wikimedia site is
operated for a commercial purpose; therefore, the act has no
application to Wikimedia.

Next time, read the statute before you spew FUD, ok?

Kelly
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
> On 9/8/06, Anthony <wikilegal@inbox.org> wrote:
> > Xanga just got hit with big fines for "repeatedly allowing children
> > under 13 to sign up for the service without getting their parent's
> > consent". How does COPPA affect Wikimedia projects?
>
> The Wikimedia Foundation is exempt from COPPA due to its status as a
> non-profit organization not engaged in commerce. No Wikimedia site is
> operated for a commercial purpose; therefore, the act has no
> application to Wikimedia.
>
> Next time, read the statute before you spew FUD, ok?

I asked a question. You answered it. Where's the FUD?
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
> The Wikimedia Foundation is exempt from COPPA due to its status as a
> non-profit organization not engaged in commerce.

The US goverment would disagree:

Who Must Comply

If you operate a commercial Web site or an online service directed to
children under 13 that collects personal information from children or
if you operate a general audience Web site and have actual knowledge
that you are collecting personal information from children, you must
comply with the Children's Online Privacy Protection Act.

http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

The actual text of the law is complex and I would not venture an
opinion on what effect it should have on the current activites of the
foundation


--
geni
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, Anthony <wikilegal@inbox.org> wrote:
> On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
> > On 9/8/06, Anthony <wikilegal@inbox.org> wrote:
> > > Xanga just got hit with big fines for "repeatedly allowing children
> > > under 13 to sign up for the service without getting their parent's
> > > consent". How does COPPA affect Wikimedia projects?
> >
> > The Wikimedia Foundation is exempt from COPPA due to its status as a
> > non-profit organization not engaged in commerce. No Wikimedia site is
> > operated for a commercial purpose; therefore, the act has no
> > application to Wikimedia.
> >
> > Next time, read the statute before you spew FUD, ok?
>
> I asked a question. You answered it. Where's the FUD?
>
Here's another question. If the Wikimedia Foundation is not engaged
in commerce, how come they can hold trademarks? Don't you have to use
the mark in commerce in order to be granted a trademark?
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

geni wrote:

>On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
>
>
>>The Wikimedia Foundation is exempt from COPPA due to its status as a
>>non-profit organization not engaged in commerce.
>>
>>
>
>The US goverment would disagree:
>
>Who Must Comply
>
>If you operate a commercial Web site or an online service directed to
>children under 13 that collects personal information from children or
>if you operate a general audience Web site and have actual knowledge
>that you are collecting personal information from children, you must
>comply with the Children's Online Privacy Protection Act.
>
>http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm
>
>The actual text of the law is complex and I would not venture an
>opinion on what effect it should have on the current activites of the
>foundation
>
>
>
>
The Foundation should require age verification if this is true. It's
pretty simple, just a disclaimer
when an account is created "You cerify that ... blah blah blah ... you
are over <X> years of age".

And yes, they are engaged in commerce.

Jeff

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, geni <geniice@gmail.com> wrote:
> On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
> > The Wikimedia Foundation is exempt from COPPA due to its status as a
> > non-profit organization not engaged in commerce.
>
> The US goverment would disagree:
>
The FTC seems to imply that Kelly is right.

http://www.ftc.gov/privacy/coppafaqs.htm

18. Are websites run by nonprofit entities subject to the Rule?

The Act and the Rule expressly state that they apply to commercial
websites and not to nonprofits that would otherwise be exempt from
coverage under Section 5 of the FTC Act. Thus, in general, most
non-profits are not subject to the Rule. However, nonprofits that
operate for the profit of their for-profit members may be subject to
the Rule. See FTC v. California Dental Association 526 U.S. 756
(1999), for additional guidance on when nonprofits are subject to FTC
jurisdiction. Although true nonprofits are not subject to COPPA, we
encourage them to set an example by posting privacy policies and
providing the protections set forth in COPPA to children providing
personal information at their sites.
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

Anthony wrote:

>On 9/8/06, geni <geniice@gmail.com> wrote:
>
>
>>On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
>>
>>
>>>The Wikimedia Foundation is exempt from COPPA due to its status as a
>>>non-profit organization not engaged in commerce.
>>>
>>>
>>The US goverment would disagree:
>>
>>
>>
>The FTC seems to imply that Kelly is right.
>
>http://www.ftc.gov/privacy/coppafaqs.htm
>
>18. Are websites run by nonprofit entities subject to the Rule?
>
>The Act and the Rule expressly state that they apply to commercial
>websites and not to nonprofits that would otherwise be exempt from
>coverage under Section 5 of the FTC Act. Thus, in general, most
>non-profits are not subject to the Rule. However, nonprofits that
>operate for the profit of their for-profit members may be subject to
>the Rule. See FTC v. California Dental Association 526 U.S. 756
>(1999), for additional guidance on when nonprofits are subject to FTC
>jurisdiction. Although true nonprofits are not subject to COPPA, we
>encourage them to set an example by posting privacy policies and
>providing the protections set forth in COPPA to children providing
>personal information at their sites.
>
>
The Foundation is exempt, the community is not (communities have been
ruled to be entities in several court cases since they
have rights, like the right to privacy and anonymity). It's a seperate
entity engaged in commerce of Encyclopedic content
with an FGDL cost structure of $0. It's pretty simple to just play it
safe and put in an age disclaimer when an account
is created. Whether it applies or not sounds like one of those
experimental law questions that would be better NOT ever put
to the test and an easy solution to bury the whole argument is just to
put some sort of age verification question on the account
creation template. It costs and gives up nothing and removes any
question about stuff like this.

:-)

Jeff


>_______________________________________________
>foundation-l mailing list
>foundation-l@wikimedia.org
>http://mail.wikipedia.org/mailman/listinfo/foundation-l
>
>
>

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, Jeff V. Merkey <jmerkey@wolfmountaingroup.com> wrote:
>
> Anthony wrote:
>
> >On 9/8/06, geni <geniice@gmail.com> wrote:
> >
> >
> >>On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
> >>
> >>
> >>>The Wikimedia Foundation is exempt from COPPA due to its status as a
> >>>non-profit organization not engaged in commerce.
> >>>
> >>>
> >>The US goverment would disagree:
> >>
> >>
> >>
> >The FTC seems to imply that Kelly is right.
> >
> >http://www.ftc.gov/privacy/coppafaqs.htm
> >
> >18. Are websites run by nonprofit entities subject to the Rule?
> >
> >The Act and the Rule expressly state that they apply to commercial
> >websites and not to nonprofits that would otherwise be exempt from
> >coverage under Section 5 of the FTC Act. Thus, in general, most
> >non-profits are not subject to the Rule. However, nonprofits that
> >operate for the profit of their for-profit members may be subject to
> >the Rule. See FTC v. California Dental Association 526 U.S. 756
> >(1999), for additional guidance on when nonprofits are subject to FTC
> >jurisdiction. Although true nonprofits are not subject to COPPA, we
> >encourage them to set an example by posting privacy policies and
> >providing the protections set forth in COPPA to children providing
> >personal information at their sites.
> >
> >
> The Foundation is exempt, the community is not (communities have been
> ruled to be entities in several court cases since they
> have rights, like the right to privacy and anonymity). It's a seperate
> entity engaged in commerce of Encyclopedic content
> with an FGDL cost structure of $0. It's pretty simple to just play it
> safe and put in an age disclaimer when an account
> is created. Whether it applies or not sounds like one of those
> experimental law questions that would be better NOT ever put
> to the test and an easy solution to bury the whole argument is just to
> put some sort of age verification question on the account
> creation template. It costs and gives up nothing and removes any
> question about stuff like this.
>
> :-)
>
> Jeff
>
>
> >_______________________________________________
> >foundation-l mailing list
> >foundation-l@wikimedia.org
> >http://mail.wikipedia.org/mailman/listinfo/foundation-l
> >
> >
> >
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/foundation-l
>

I think it helps a lot that neither the foundation nor the projects actually
collect personal information about people as part of project activities,
other than the account's email if the user wants to, and their IP address
(for anons or checkuser usage).

I don't know that "what people can post on their user page is up to them"
and allowing them to identify themselves counts in some way as a collection
of information. That would be a useful question for the FTC.

A disclaimer statement sure couldn't hurt here. I suspect it's harmless
anyways, but I don't see it being a problem to put up an enhanced
disclaimer.


--
-george william herbert
george.herbert@gmail.com
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

geni wrote:

>On 9/8/06, Kelly Martin <kelly.lynn.martin@gmail.com> wrote:
>
>
>>The Wikimedia Foundation is exempt from COPPA due to its status as a
>>non-profit organization not engaged in commerce.
>>
>>
>Who Must Comply
>
>If you operate a commercial Web site or an online service directed to
>children under 13 that collects personal information from children or
>if you operate a general audience Web site and have actual knowledge
>that you are collecting personal information from children, you must
>comply with the Children's Online Privacy Protection Act.
>
>http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm
>
>The actual text of the law is complex and I would not venture an
>opinion on what effect it should have on the current activites of the
>foundation
>
Did I miss something? What personal information are we collecting from
children?

Ec

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, Ray Saintonge <saintonge@telus.net> wrote:
> Did I miss something? What personal information are we collecting from
> children?
>
> Ec

the content of userpages.


--
geni
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

We don't collect userpages. We allow people to create them.

COPPA is primarily an anti-data-mining regulation.

Kelly
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

geni wrote:

>On 9/8/06, Ray Saintonge <saintonge@telus.net> wrote:
>
>
>>Did I miss something? What personal information are we collecting from
>>children?
>>
>>Ec
>>
>>
>the content of userpages.
>
A new user page is blank. It has no questions asking for personal
information, or, for that matter, questions of any sort.

Ec

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

Kelly Martin wrote:

>We don't collect userpages. We allow people to create them.
>
>COPPA is primarily an anti-data-mining regulation.
>
>Kelly
>_______________________________________________
>foundation-l mailing list
>foundation-l@wikimedia.org
>http://mail.wikipedia.org/mailman/listinfo/foundation-l
>
>
>
And people can mine userpages externally. There's no protection of privacy.



_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

Jeff V. Merkey wrote:

> Kelly Martin wrote:
>
>> We don't collect userpages. We allow people to create them.
>>
>> COPPA is primarily an anti-data-mining regulation.
>>
>> Kelly
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l@wikimedia.org
>> http://mail.wikipedia.org/mailman/listinfo/foundation-l
>>
>>
>>
> And people can mine userpages externally. There's no protection of
> privacy.
>
>
>
>
i.e. "You must be logged in to be able to view User Pages and their
content". Don't let google scrape user page content.




_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On 9/8/06, Ray Saintonge <saintonge@telus.net> wrote:
>
> geni wrote:
>
> >On 9/8/06, Ray Saintonge <saintonge@telus.net> wrote:
> >
> >
> >>Did I miss something? What personal information are we collecting from
> >>children?
> >>
> >>Ec
> >>
> >>
> >the content of userpages.
> >
> A new user page is blank. It has no questions asking for personal
> information, or, for that matter, questions of any sort.
>
> Ec
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/foundation-l
>


From:
http://www.ftc.gov/privacy/coppafaqs.htm
-----

*38. I operate a general audience site and don't ask visitors to reveal
their ages. However, I do have a number of chat rooms. *

*(a) What happens if a child visits my site and posts personal information
in a chat room but doesn't reveal his age?*

The Rule is not triggered. It applies to general audience websites if they
have *actual knowledge* that a particular visitor is a child. If such a site
knows that a particular visitor is a child, then the Rule must be followed
with respect to that child. If a child posts personal information on a
general audience site, but doesn't reveal his or her age and you have no
other information that would lead you to know that the visitor is a child,
then you would not have "actual knowledge" under the Rule and would not be
subject to its requirements. Collecting a child's age, however, does provide
"actual knowledge."

*(b) What happens if a child visits my chat room and announces his or her
age?*

If your site has a chat room and no one in your organization sees or is
alerted to the post, then you do not have the requisite actual knowledge
under the Rule. You may be considered to have actual knowledge with respect
to that child: (1) if someone from your operations sees the post in a chat
room; or (2) if someone alerts you to the post. At that point, you should
delete any personal information that has been posted and either ask the
child for a parent's email address for purposes of providing notice and
obtaining consent to future postings, or take reasonable steps to block that
child from returning to the chat area of the site, whether through screen
name blocking, a cookie, or some other means.

If you have monitored chat rooms where the monitors can delete information
from posts *before* they are made public, then your monitors can simply
strip the child's posts of any personal information before they are publicly
posted, thus permitting children to participate in the chat room without the
need for obtaining parental consent. This practice is easily applied to
"auditorium" style chat in which children pose questions which are screened
to a moderator or guest celebrity.
-----

It would appear on first glance that though Wikipedia is probably exempt due
to being a nonprofit, but that if we were a for-profit then a child posting
their own info in a user page (or anywhere else) would fall under the
Question 38 examples above.

Though this is undoubtedly a foundation business/legal decision, it would
make sense to me that Wikipedia might want to follow that recommended
general purpose website guideline above, even if it doesn't apply as a legal
requirement because WP is nonprofit. It would seem to be a good general
policy.

The FAQ also recommends that general (non child-oriented) and nonprofit
sites have privacy policies, even if we aren't required to. That sounds
good to me.


--
-george william herbert
george.herbert@gmail.com
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

&quot;If your site has a chat room and no one in your organization sees or is

alerted to the post, then you do not have the requisite actual knowledge

under the Rule. You may be considered to have actual knowledge with respect

to that child: (1) if someone from your operations sees the post in a chat

room; or (2) if someone alerts you to the post.&quot;



For the record, I believe I have triggered this rule:
http://meta.wikimedia.org/wiki/Talk:Privacy_policy#Lack_of_COPPA




Thanks, George

en|meta|commons: [[User:GChriss]]




On Fri, 08 Sep 2006 11:41:18 -0700 &quot;George Herbert&quot; wrote:




On 9/8/06, Ray Saintonge <saintonge@telus.net> wrote:
>
> geni wrote:
>
> >On 9/8/06, Ray Saintonge <saintonge@telus.net> wrote:
> >
> >
> >>Did I miss something? What personal information are we collecting from
> >>children?
> >>
> >>Ec
> >>
> >>
> >the content of userpages.
> >
> A new user page is blank. It has no questions asking for personal
> information, or, for that matter, questions of any sort.
>
> Ec
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/foundation-l
>


From:
http://www.ftc.gov/privacy/coppafaqs.htm
-----

*38. I operate a general audience site and don't ask visitors to reveal
their ages. However, I do have a number of chat rooms. *

*(a) What happens if a child visits my site and posts personal information
in a chat room but doesn't reveal his age?*

The Rule is not triggered. It applies to general audience websites if they
have *actual knowledge* that a particular visitor is a child. If such a site
knows that a particular visitor is a child, then the Rule must be followed
with respect to that child. If a child posts personal information on a
general audience site, but doesn't reveal his or her age and you have no
other information that would lead you to know that the visitor is a child,
then you would not have &quot;actual knowledge&quot; under the Rule and would not be
subject to its requirements. Collecting a child's age, however, does provide
&quot;actual knowledge.&quot;

*(b) What happens if a child visits my chat room and announces his or her
age?*

If your site has a chat room and no one in your organization sees or is
alerted to the post, then you do not have the requisite actual knowledge
under the Rule. You may be considered to have actual knowledge with respect
to that child: (1) if someone from your operations sees the post in a chat
room; or (2) if someone alerts you to the post. At that point, you should
delete any personal information that has been posted and either ask the
child for a parent's email address for purposes of providing notice and
obtaining consent to future postings, or take reasonable steps to block that
child from returning to the chat area of the site, whether through screen
name blocking, a cookie, or some other means.

If you have monitored chat rooms where the monitors can delete information
from posts *before* they are made public, then your monitors can simply
strip the child's posts of any personal information before they are publicly
posted, thus permitting children to participate in the chat room without the
need for obtaining parental consent. This practice is easily applied to
&quot;auditorium&quot; style chat in which children pose questions which are screened
to a moderator or guest celebrity.
-----

It would appear on first glance that though Wikipedia is probably exempt due
to being a nonprofit, but that if we were a for-profit then a child posting
their own info in a user page (or anywhere else) would fall under the
Question 38 examples above.

Though this is undoubtedly a foundation business/legal decision, it would
make sense to me that Wikipedia might want to follow that recommended
general purpose website guideline above, even if it doesn't apply as a legal
requirement because WP is nonprofit. It would seem to be a good general
policy.

The FAQ also recommends that general (non child-oriented) and nonprofit
sites have privacy policies, even if we aren't required to. That sounds
good to me.


--
-george william herbert
george.herbert@gmail.com
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l


_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

From: "Ray Saintonge" <saintonge@telus.net>
>>
> Did I miss something? What personal information are we collecting from
> children?

The IP ?

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

IP addresses are not personal information. Oh my no.

On 9/8/06, Bradypus <Bradypus_wp@yahoo.fr> wrote:
>
> From: "Ray Saintonge" <saintonge@telus.net>
> >>
> > Did I miss something? What personal information are we collecting from
> > children?
>
> The IP ?
>
> _______________________________________________
> foundation-l mailing list
> foundation-l@wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

On Fri, September 8, 2006 18:54, George Herbert wrote:
> I think it helps a lot that neither the foundation nor the projects
> actually
> collect personal information about people as part of project activities,
> other than the account's email if the user wants to, and their IP address
> (for anons or checkuser usage).

I would read "collects" as "requires from the individual in order to open
an account or editing facility whether mandatory or optional", which at
most would be a valid email address.

The information people may or may not choose to place on a userpage is
simmilar to the content on an LJ or MySpace page or in a blog. It isn't
"collected" by the operator as part of their service but freely offered by
the person involved for their own purposes.

Alison Wheeler

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l

good coppa Your efforts beautifull :)



>From: Anthony <wikilegal@inbox.org>
>Reply-To: Wikimedia Foundation Mailing List <foundation-l@wikimedia.org>
>To: foundation-l@wikimedia.org
>Subject: [Foundation-l] COPPA
>Date: Fri, 8 Sep 2006 12:27:27 -0400
>
>Xanga just got hit with big fines for "repeatedly allowing children
>under 13 to sign up for the service without getting their parent's
>consent". How does COPPA affect Wikimedia projects?
>_______________________________________________
>foundation-l mailing list
>foundation-l@wikimedia.org
>http://mail.wikipedia.org/mailman/listinfo/foundation-l

_________________________________________________________________
Sevdiklerinizle Messenger'da görüsün ve sesli sohbet edin!
http://messenger.live.com

_______________________________________________
foundation-l mailing list
foundation-l@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/foundation-l