Is Your Community Legal? Xanga Fined For Under Age Users

If you run a community one of the tricky tightropes to walk is that of data protection and privacy. All to often communities fall foul of this, finding out their seemingly industry standard approach has dropped them in hot water, as Xanga found out.

Check out the story at, a rival to the popular, allegedly permitted creation of 1.7 million accounts by users who submitted birthdays indicating they were under 13.

It seems most pundits are focussing on the fact they do ask a persons age so ignorance is in no way a defence here.

“COPPA requires all commercial Web sites, including operators of social networking sites like Xanga, to give parents notice and obtain their consent before collecting personal information from kids they know are under 13. A million-dollar penalty should make that obligation crystal clear.”

I wonder had they not had the date of birth field (and bizarrely a separate “are you over 13?” tickbox) would they have gotten into this mess?

Obviously that particular community was a huge target to be made an example of, but if you do run a community of any scale it is worth checking you are not breaking any laws in your region. It is a lot more expensive to put right after the fact.

8 thoughts on “Is Your Community Legal? Xanga Fined For Under Age Users

  1. Good point 123soccer, I think it could be safe to say that “When you are online, you shouldn’t trust anyone under 13 and you definitely shouldn’t trust anyone over 13, and when website promotion and competitive advantage are at stake don’t trust anyone else either!”

  2. it could be a way to get rid of your competitor.

    like what if myspace “goupies” where joining xanga and say they are under 13.


  3. Sites that require my credit card to verify my identity rarely get my business – only when I really need their services and trust them significantly.

    I’ve received almost a half dozen notices from various companies and past employers that have compromised my personal information within the last 12 months alone.

    I don’t need to increase the odds of a problem, by proving my age or identity with a number that can deplete my bank account and savings and turn my credit into something of personal harm.

    Same thing with the SSID.

    I’d agree with Markus we may be separated by an ocean, but I think the responsibility is on the parents. Part of that responsibility includes educating and training their children to navigate the online world when they are adolescents such that when they become teenagers they can protect themselves more and more until they are adults and completely thrown to the wolves.

    Life isn’t easy and technology doesn’t change that fact.

  4. I have no credit card. But that’s not the question.

    Point #1 It is absolutely not the point that ‘somebody’ has to verify the input. If it goes this direction my pessimistic statement is as follows: State authorities will try to draw that authentication process towards their ‘trusted’ hands or will give away the handling to private companies. This can’t be the aim.

    Point #2 is that it is the task of the parents to watch the children and check out if an online community is good for their kid or not.

    You simply can’t give away responsibilities.

  5. As long as people can lie about their age, there is absolutely no way to monitor this problem and avoid underaged kids from accessing a site.

    Scary propsition to say the least.

    Just my $.02.

  6. You need to have a system that not only accepts your input but also verifies the input.

    Entering your SSID or an equivalent is not gonna help simply because:

    1. It’s not feasible
    2. It does not exist

    Again, there’s a down side to having such a system. It simply means that your personal identity is online. And I can already hear the paranoid crowd rejecting the hypothesis with loud boos and jeers.

    There’s must be a way out of this tradeoff. Only we don’t know what it is yet. Looks like this is a good time to think about that win-win-win situation NOW, Raj…


  7. Perhaps one day we will have Internet ID cards that will be like checking for drinking age or smoking age in stores.

    Companies need to do a better job in this area and maybe this type of fine will do the trick.

Comments are closed.