美國兒童線上隱私權保護法於2000年4月21日生效,主要針對線上收集13歲以下兒童個人信息的行為。它規定網站管理者要遵守隱私規則,必須說明何時和如何以一種可以驗證的方式向兒童家長索求同意,並且網站管理者必須保護兒童線上隱私和安全。
基本介紹
- 中文名:兒童網上隱私保護法
- 類型:法律法規
- 出現:美國
- 生效:2000年4月21日
保護法介紹,美國法及實施,出師不利,4部相關法律,美國強制執行,英文法案全文,
保護法介紹
相對於一般的信息隱私保護,美國社會認為兒童網上隱私的保護應列為最優先的地位。事實上,相當一部分網站會對涉世不深、對網上隱私保護缺乏認識和警惕的兒童進行個人信息的收集,如通過卡通人物發問或以贏得獎品等機會來誘導未成年人填寫個人信息,包括姓名、生日、住址、消費習慣、產品偏好,甚至父母的年薪等,再將這些個人信息分析整理作為商業牟利的手段。這引發了美國媒體教育中心及美國消費者聯盟等社會團體的高度關注,認為這種狀況對兒童網上隱私造成了嚴重侵害。
因此,美國國會在1998年通過了《兒童網上隱私保護法》,該法案要求網路從業者要確實告知(actual notice)其網站的隱私權政策,並且在收集13歲以下兒童個人信息前,必須首先獲得其家長的同意。《兒童網上隱私保護法》己於2000年4月21日開始施行,根據這項法律,美國線上等著名網路服務提供商己將所有未滿13歲的登錄者的個人信息全部刪除。以後,13歲以下的用戶將使用一種處於美國線上家長監控系統監測之下的個人信息登記表,而且未成年用戶在網上的活動也會受到一定的限制。美國政府和隱私權
保護組織的努力並沒有到此為止,他們密切關注《兒童網上隱私保護法》的實施情況。
美國法及實施
1998年,國會通過了《兒童線上隱私保護法》(COPPA),保護兒童個人信息免受商業網站侵犯。1999年10月20日,聯邦貿易委員會(FTC)發布了實施該法的細則,該細則於2000年4月21日生效,適用於線上收集個人信息的活動。
《兒童線上隱私保護法》的要點是:要求那些面向12歲以下兒童、或向兒童收集信息的網站和線上服務者,向父母發出有關信息收集的通知,並在向兒童收集個人信息之前得到父母的同意;要求網站保證父母有可能修改和更正這些信息。除了保護兒童隱私外,該法還保證兒童在言論、信息搜尋和發表的權利不受到負面影響。
實施細則闡明了法律調整的範圍和責任問題,《兒童線上隱私保護法》管理個人信息的收集,但並不包括兒童相互之間收集信息。聯邦貿易委員會保留了兒童線上交流的權利,如:允許面向兒童的網站即使沒有父母的同意,也可以提供“聊天”和其它服務,只要在交流公開化之前,隱藏所有的個人信息。這些規定保護了網站繼續為兒童提供交流的機會,同時也保護他們的安全和隱私。尤其需要指出的是,細則修改了若干妨礙兒童參與、發表言論和要求線上信息服務權利的定義。該細則代表了聯邦貿易委員會對媒體的理解,表明委員會能為複雜的媒體提供同樣複雜的法律規範。
民主和科學中心(The Center for Democracy and Technology,CDT)監督細則的實施,保證達到《兒童線上隱私保護法》的目的。以下,對該細則的要點作簡要介紹。
一、關於兒童言論和《兒童線上隱私保護法》的要求
《兒童線上隱私保護法》的規定適用於面向12歲以下兒童的網站和線上服務者,及那些明知對方是兒童的一般網站。為了保證兒童能進行網上交流,法律對“父母同意”的要求有3個例外:
1、即使沒有父母同意,允許兒童通過電子郵件提問;
2、當兒童從網上獲得時事信息時,可以沒有父母同意,只要父母被通知並有權取消這些信息;
3、當兒童從事聯邦貿易委員會認為必要的活動時。
細則的“基礎和目的陳述”部分指出:“提供電子郵件帳號,保留被註冊的電子地址記錄和相關信息的運營者,都被本法認為是收集電子地址的行為,”這些行為都需要得到父母的同意。因此,細則規定兒童網站在向兒童提供電子郵件帳號之前,必須得到父母的同意。為此,網站必須使用較麻煩的方法,如:傳真、信件、800免費電話、信用卡認證、數字識別、或設密碼的電子信箱等識別方法。
一般客群網站發布電子郵件地址時不必遵守該法,即使兒童可以用這個帳號向別人提供個人信息。但假如一般客群網站明知使用這一帳號的是兒童時,應遵守該細則。
細則規定,兒童網站提供聊天服務有兩個選擇權:
(1)它們可以保證在發布信息前,把個人信息從兒童的交談中剝離掉,並從網站的記錄中刪除;或
(2)它們也可以通過傳真、信件、800免費電話、信用卡認證、數字識別、或設密碼的電子信箱等識別方法得到父母的許可。
這樣,兒童網站提供的聊天服務是被監控的,兒童可以不經父母的同意參與。一般客群網站只有在明知使用這一服務的是兒童,又沒有採取第(1)項的步驟時才負責。
細則對聊天的規定也適用於在網上發表社論和建立網頁等領域。
細則規定兒童能發電子郵件要求獲得信息,兒童網站只要刪除兒童的電子郵件地址,並不再為其它目的使用它,即使沒有父母同意,也可以回答這些問題。一般客群網站只有在明知對方是兒童時才受這一限制。
兒童網站可以應兒童的要求發給他們多份電子郵件或其它信息,只要通知其父母,並使父母能隨時阻止這種行為。
二、關於調整範圍
《兒童線上隱私保護法》對兒童網站和明知對方是兒童的一般網站作出要求。然而民主和科學中心認為法律的適用者太廣泛,應有一些限制,假如任何人都適用,那將造成法律適用範圍的不確定。這將產生副面影響——幼童的信息將被違法收集,或者本法不包括的青少年的信息和隱私可能被無意地侵犯。
細則規定聯邦貿易委員會在認定“兒童網站”方面有靈活性,網站的所有特性都可以被考慮在內。
細則闡明法律不涵蓋純粹的通道提供商。聯邦貿易委員會清楚地劃分了“通道提供商”和“運營商”的區別,表明:“網站或線上服務僅僅作為通道提供商,收集的個人信息流向其他人、其他網站或線上服務,網站或線上服務本身並沒有接觸到這些信息,則不是細則規定的運營商。”
三、關於法律規定的權利和義務
細則採用靈活的標準實施“識別父母同意”,並建立了一個早期評估機制來評估它。網站內部使用的信息可以在徵得父母同意後用電子郵件傳遞;網站向其他人發布信息,或允許在信息發布前不刪除個人信息的交流時,網站必須通過郵遞、傳真、信用卡認證、電話、或數位訊號得到父母的同意。聯邦貿易委員會認為在這些情況下增加了兒童安全的風險,所以要求提高父母同意的保證。
細則修改了向父母提供被收集的兒童信息的機制。細則規定父母不需提供任何證明就可以得到收集信息的一般目錄。
總之,《兒童線上隱私保護法》的通過是一個里程碑。細則的制定首先是聯邦機構為特定的網際網路環境實施規劃的努力。在許多方面,《兒童線上隱私保護法》是政府能否成功介入線上環境的試驗基礎。《兒童線上隱私保護法》的成功實施將影響未來的隱私保護、自由言論和網際網路上的商業活動。聯邦貿易委員會、民主和科學中心及國會將共同努力保證在數字時代保護隱私。
出師不利
美國首部以保護未成年網民個人隱私的法律2000年4月21日剛生效便遇到了麻煩。這部名為“兒童線上隱私保護法”的法律規定商業網站收集年齡在13歲以下少年的個人信息以及這些未成年少年進入網上聊天室或主動提供自己的個人情況必須首先得到其父母的同意。
制定這項法律的美國聯邦貿易委員會(FTC)建議網站要求兒童網民提供其父母的信用卡號,來證明他們上網是徵得了父母同意的。
迪斯尼公司採納了FTC的建議,宣布兒童上網登錄其所有網站都必須提供父母的信用卡號。迪斯尼從去年初開始是通過電子郵件方式來進行父母認可確認的,但是其發言人最近表示,提供父母信用卡號的方式確認程度最為準確,因而公司決定採用這種方式,並強調在確認過程中不會從信用卡上划走一分錢。但是這個計畫一出台,就受到了萬事達國際信用卡公司的強烈反對。
萬事達公司明確表示不希望其信用卡在沒有金融交易的情況下被用作確認用途,理由是這樣做容易引發更多的信用卡欺詐案。該公司發言人說:“信用卡從來就不是用來進行年齡確認用途的,再說如果進行的是零單位交易,電腦系統將會不予以接受。”
FTC官員稱除了信用卡以外,還建議網站開通免費電話和電子郵件系統供父母們對孩子的上網進行確認。不過這名官員承認所有這些方法都不是最理想的,政府將積極尋求其他更為穩妥安全的技術手段(其中包括電子簽名)。
這件事情還沒有個結果,一個非營利組織也對隱私法提出了批評,指責這項法律給商業網站的經營活動增加了沉重的負擔。該組織在聲明中指出:法律不僅在間接地鼓勵孩子隱瞞自己的年齡,而且會造成網站經營成本大幅上升。
據一名業內專家預計,一個網站要完全做到符合這項法律的規定,僅支付額外僱請的管理登記系統的員工工資一項,每年就必須增加6萬到10萬美元的經營成本預算。
4部相關法律
美國為防範暴力、色情等網路不良文化危害青少年,從1996年至今,先後通過了4部相關法律:《通信內容端正法》、《兒童線上保護法》、《兒童網路隱私規則》和《兒童網際網路保護法》(兒童特指18歲以下的未成年學生)。這些法律最根本的出發點就是區別對待兒童和成人,保護兒童不在網上遇到只有成人才能接觸的內容。
另外,美國還採取軟體分級制度,由國家娛樂軟體定級委員會對網路遊戲軟體進行定級,劃分出適合不同年齡階段的遊戲級別。
美國強制執行
美國政府部門已組成專家班子強制執行1998年頒布的一項聯邦法令《網上兒童 隱私保護法》,該法令的內容是沒有得到父母其中一人的許可,禁止任何網站收集 兒童的私人信息,包括姓名、住址。
美國聯邦貿易委員會的律師洛倫·G·湯普森說,這項法令是美國政府部門應該 優先考慮的事項。管理者們正在密切關注這項法令的執行情況。
湯普森說,美國政府部門已組成十幾個人的專家班子,在政府最先進的計算機 實驗室里採取“掃蕩”行動,對那些不受約束的網站進行仔細研究,這些網站要獲 得或與其他公司分享兒童的信息,必須得到兒童父母的許可。這些公司獲準採取的 方式有:通過信函、文傳、免費電話、信用卡、或電子郵件。
湯普森強調,美國政府部門有能力每天檢查幾百個網站。該部門正在尋找令人 放心並且已經獲得了父母許可的網站。每一名兒童的電子郵件或傳送的可以確認的 信息,例如姓名或地址,如果沒有得到父母其中一人的同意,一個網站的經營者就 將被罰款1.1萬美元。
英文法案全文
Children's Online Privacy Protection Act of 1998
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION
SEC. 1301. SHORT TITLE.
This title may be cited as the "Children's Online Privacy Protection Act of 1998".
SEC. 1302. DEFINITIONS.
In this title:
(1) CHILD.—The term "child" means an individual under the age of 13.
(2) OPERATOR.—The term "operator"—
(A) means any person who operates a website located on the Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or maintained, where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service, involving commerce—
(i) among the several States or with 1 or more foreign nations;
(ii) in any territory of the United States or in the District of Columbia, or between any such territory and—
(I) another such territory; or
(II) any State or foreign nation; or
(iii) between the District of Columbia and any State, territory, or foreign nation; but
(B) does not include any nonprofit entity that would otherwise be exempt from coverage under section 5 of the Federal Trade Commission Act (15 U.S.C. 45).
(3) COMMISSION.—The term "Commission" means the Federal Trade Commission.
(4) DISCLOSURE.—The term "disclosure" means, with respect to personal information—
(A) the release of personal information collected from a child in identifiable form by an operator for any purpose, except where such information is provided to a person other than the operator who provides support for the internal operations of the website and does not disclose or use that information for any other purpose; and
(B) making personal information collected from a child by a website or online service directed to children or with actual knowledge that such information was collected from a child, publicly available in identifiable form, by any means including by a public posting, through the Internet, or through—
(i) a home page of a website;
(ii) a pen pal service;
(iii) an electronic mail service;
(iv) a message board; or
(v) a chat room.
(5) FEDERAL AGENCY.—The term "Federal agency" means an agency, as that term is defined in section 551(1) of title 5, United States Code.
(6) INTERNET.—The term "Internet" means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/ Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio.
(7) PARENT.—The term "parent" includes a legal guardian.
(8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including—
(A) a first and last name;
(B) a home or other physical address including street name and name of a city or town;
(C) an e-mail address;
(D) a telephone number;
(E) a Social Security number;
(F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or
(G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.
(9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
(10) WEBSITE OR ONLINE SERVICE DIRECTED TO CHILDREN.—
(A) IN GENERAL.—The term "website or online service directed to children" means—
(i) a commercial website or online service that is targeted to children; or
(ii) that portion of a commercial website or online service that is targeted to children.
(B) LIMITATION.—A commercial website or online service, or a portion of a commercial website or online service, shall not be deemed directed to children solely for referring or linking to a commercial website or online service directed to children by using information location tools, including a directory, index, reference, pointer, or hypertext link.
(11) PERSON.—The term "person" means any individual, partnership, corporation, trust, estate, cooperative, association, or other entity.
(12) ONLINE CONTACT INFORMATION.—The term "online contact information" means an e-mail address or an-other substantially similar identifier that permits direct contact with a person online.
SEC. 1303. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN CONNECTION WITH THE COLLECTION AND USE OF PERSONAL INFORMATION FROM AND ABOUT CHILDREN ON THE INTERNET.
(a) ACTS PROHIBITED.—
(1) IN GENERAL.—It is unlawful for an operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed under subsection (b).
(2) DISCLOSURE TO PARENT PROTECTED.—Notwithstanding paragraph (1), neither an operator of such a website or online service nor the operator's agent shall be held to be liable under any Federal or State law for any disclosure made in good faith and following reasonable procedures in responding to a request for disclosure of per-sonal information under subsection (b)(1)(B)(iii) to the parent of a child.
(b) REGULATIONS.—
(1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate under section 553 of title 5, United States Code, regulations that—
(A) require the operator of any website or online service directed to children that collects personal information from children or the operator of a website or online service that has actual knowledge that it is collecting personal information from a child—
(i) to provide notice on the website of what information is collected from children by the operator, how the operator uses such information, and the operator's disclosure practices for such information; and
(ii) to obtain verifiable parental consent for the collection, use, or disclosure of personal information from children;
(B) require the operator to provide, upon request of a parent under this subparagraph whose child has provided personal information to that website or online service, upon proper identification of that parent, to such par-ent—
(i) a description of the specific types of personal information collected from the child by that operator;
(ii) the opportunity at any time to refuse to permit the operator's further use or maintenance in retrievable form, or future online collection, of personal information from that child; and
(iii) notwithstanding any other provision of law, a means that is reasonable under the circumstances for the parent to obtain any personal information collected from that child;
(C) prohibit conditioning a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity; and
(D) require the operator of such a website or online service to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.
(2) WHEN CONSENT NOT REQUIRED.—The regulations shall provide that verifiable parental consent under paragraph (1)(A)(ii) is not required in the case of—
(A) online contact information collected from a child that is used only to respond directly on a one-time basis to a specific request from the child and is not used to recontact the child and is not maintained in retrievable form by the operator;
(B) a request for the name or online contact information of a parent or child that is used for the sole purpose of obtaining parental consent or providing notice under this section and where such information is not maintained in retrievable form by the operator if parental consent is not obtained after a reasonable time;
(C) online contact information collected from a child that is used only to respond more than once directly to a specific request from the child and is not used to recontact the child beyond the scope of that request—
(i) if, before any additional response after the initial response to the child, the operator uses reasonable efforts to provide a parent notice of the online contact information collected from the child, the purposes for which it is to be used, and an opportunity for the parent to request that the operator make no further use of the information and that it not be maintained in retrievable form; or
(ii) without notice to the parent in such circumstances as the Commission may determine are appropriate, taking into consideration the benefits to the child of access to information and services, and risks to the security and privacy of the child, in regulations promulgated under this subsection;
(D) the name of the child and online contact information (to the extent reasonably necessary to protect the safety of a child participant on the site)—
(i) used only for the purpose of protecting such safety;
(ii) not used to recontact the child or for any other purpose; and
(iii) not disclosed on the site, if the operator uses reasonable efforts to provide a parent notice of the name and online contact information collected from the child, the purposes for which it is to be used, and an opportunity for the parent to request that the operator make no further use of the information and that it not be maintained in retrievable form; or
(E) the collection, use, or dissemination of such information by the operator of such a website or online service necessary—
(i) to protect the security or integrity of its website;
(ii) to take precautions against liability;
(iii) to respond to judicial process; or
(iv) to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety. 1815
(3) TERMINATION OF SERVICE.—The regulations shall permit the operator of a website or an online service to terminate service provided to a child whose parent has refused, under the regulations prescribed under paragraph (1)(B)(ii), to permit the operator's further use or maintenance in retrievable form, or future online collection, of personal information from that child.
(c) ENFORCEMENT.—Subject to sections 1304 and 1306, a violation of a regulation prescribed under subsection (a) shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(d) INCONSISTENT STATE LAW.—No State or local government may impose any liability for commercial activities or actions by operators in interstate or foreign commerce in connection with an activity or action described in this title that is inconsistent with the treatment of those activities or actions under this section.
SEC. 1304. SAFE HARBORS.
(a) GUIDELINES.—An operator may satisfy the requirements of regulations issued under section 1303(b) by following a set of self-regulatory guidelines, issued by representatives of the marketing or online industries, or by other persons, approved under subsection (b).
(b) INCENTIVES.—
(1) SELF-REGULATORY INCENTIVES.—In prescribing regulations under section 1303, the Commission shall provide incentives for self-regulation by operators to implement the protections afforded children under the regulatory requirements described in subsection (b) of that section.
(2) DEEMED COMPLIANCE.—Such incentives shall include provisions for ensuring that a person will be deemed to be in compliance with the requirements of the regulations under section 1303 if that person complies with guidelines that, after notice and comment, are approved by the Commission upon making a determination that the guidelines meet the requirements of the regulations issued under section 1303.
(3) EXPEDITED RESPONSE TO REQUESTS.—The Commission shall act upon requests for safe harbor treatment within 180 days of the filing of the request, and shall set forth in writing its conclusions with regard to such requests.
(c) APPEALS.—Final action by the Commission on a request for approval of guidelines, or the failure to act within 180 days on a request for approval of guidelines, submitted under subsection (b) may be appealed to a district court of the United States of appropriate jurisdiction as provided for in section 706 of title 5, United States Code.
SEC. 1305. ACTIONS BY STATES.
(a) IN GENERAL.—
(1) CIVIL ACTIONS.—In any case in which the attorney general of a State has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates any regulation of the Commission prescribed under section 1303(b), the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to—
(A) enjoin that practice;
(B) enforce compliance with the regulation;
(C) obtain damage, restitution, or other compensation on behalf of residents of the State; or
(D) obtain such other relief as the court may consider to be appropriate.
(2) NOTICE.—
(A) IN GENERAL.—Before filing an action under paragraph (1), the attorney general of the State involved shall provide to the Commission—
(i) written notice of that action; and
(ii) a copy of the complaint for that action.
(B) EXEMPTION.—
(i) IN GENERAL.—Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this subsection, if the attorney general determines that it is not feasible to provide the notice described in that subparagraph before the filing of the action.
(ii) NOTIFICATION.—In an action described in clause (i), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action.
(b) INTERVENTION.—
(1) IN GENERAL.—On receiving notice under subsection (a)(2), the Commission shall have the right to intervene in the action that is the subject of the notice.
(2) EFFECT OF INTERVENTION.—If the Commission intervenes in an action under subsection (a), it shall have the right—
(A) to be heard with respect to any matter that arises in that action; and
(B) to file a petition for appeal.
(3) AMICUS CURIAE.—Upon application to the court, a person whose self-regulatory guidelines have been approved by the Commission and are relied upon as a defense by any defendant to a proceeding under this section may file amicus curiae in that proceeding.
(c) CONSTRUCTION.—For purposes of bringing any civil action under subsection (a), nothing in this title shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to—
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of documentary and other evidence.
(d) ACTIONS BY THE COMMISSION.—In any case in which an action is instituted by or on behalf of the Commission for violation of any regulation prescribed under section 1303, no State may, during the pendency of that action, institute an action under subsection (a) against any defendant named in the complaint in that action for violation of that regulation.
(e) VENUE; SERVICE OF PROCESS.—
(1) VENUE.—Any action brought under subsection (a) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.
(2) SERVICE OF PROCESS.—In an action brought under subsection (a), process may be served in any district in which the defendant—
(A) is an inhabitant; or
(B) may be found.
SEC. 1306. ADMINISTRATION AND APPLICABILITY OF ACT.
(a) IN GENERAL.—Except as otherwise provided, this title shall be enforced by the Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.).
(b) PROVISIONS.—Compliance with the requirements imposed under this title shall be enforced under—(1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of—
(A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;
(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25(a) of the Federal Reserve Act (12 U.S.C. 601 et seq. and 611 et seq.), by the Board; and
(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Direc- tors of the Federal Deposit Insurance Corporation;
(2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), by the Director of the Office of Thrift Supervision, in the case of a savings association the deposits of which are insured by the Federal Deposit Insurance Corporation;
(3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the National Credit Union Administration Board with respect to any Federal credit union;
(4) part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part;
(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act; and
(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association.
(c) EXERCISE OF CERTAIN POWERS.—For the purpose of the exercise by any agency referred to in subsection (a) of its powers under any Act referred to in that subsection, a violation of any requirement imposed under this title shall be deemed to be a violation of a requirement imposed under that Act. In addition to its powers under any provision of law specifically referred to in subsection (a), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under this title, any other authority conferred on it by law.
(d) ACTIONS BY THE COMMISSION.—The Commission shall prevent any person from violating a rule of the Commission under section 1303 in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this title. Any entity that violates such rule shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of this title.
(e) EFFECT ON OTHER LAWS.—Nothing contained in the Act shall be construed to limit the authority of the Commission under any other provisions of law.
SEC. 1307. REVIEW.
Not later than 5 years after the effective date of the regulations initially issued under section 1303, the Commission shall—
(1) review the implementation of this title, including the effect of the implementation of this title on practices relating to the collection and disclosure of information relating to children, children's ability to obtain access to information of their choice online, and on the availability of websites directed to children; and
(2) prepare and submit to Congress a report on the results of the review under paragraph (1).
SEC. 1308. EFFECTIVE DATE. Sections 1303(a), 1305, and 1306 of this title take effect on the later of—
(1) the date that is 18 months after the date of enactment of this Act; or
(2) the date on which the Commission rules on the first application filed for safe harbor treatment under section 1304 if the Commission does not rule on the first such application within one year after the date of enactment of this Act, but in no case later than the date that is 30 months after the date of enactment of this Act.