WASHINGTON (CNS) -- Now that the Children's Online Privacy and Protection Act has been law for 20 years, professionals and activists in the field have a focused view of its strengths and shortcomings, particularly in the enforcement department.

The law gives enforcement power to the Federal Trade Commission, but the FTC has taken action only 24 times in those 20 years.

Angela Campbell of the Institute for Public Representation at Georgetown University Law School, which hosted a COPPA conference in October, said she had filed 13 complaints with the FTC over violations she saw, but all too often, "most of the time they don't even give us a closing letter" telling her an investigation has been completed -- or perhaps not even launched.

"The first one I filed was pre-COPPA, against kids.com. (FTC) staff agreed there was problem with it and it got the ball rolling with COPPA legislation," Campbell said. "The companies and the trade associations had said, "Oh, we don't need regulation, we can self-regulate.' But in this case, it didn't work, and we got COPPA."

Dona Fraser of the Children's Advertising Review Unit, a COPPA "safe harbor" program that works with website developers to make their sites adhere to COPPA regulations, boasted of her "clean track record" in her 12 years of doing this work. "None of the companies using Safe Harbor has been dinged by the FTC," she said.

Fraser added her company has conducted more than 20 compliance investigations, "When we find someone in violation of COPPA, we notify them. Ninety percent of the companies we deal with want to be compliant," she said. "Most of them don't know what they're supposed to do."

Campbell replied that the problem faced by firms like Fraser's is "they can't force someone to comply if they don't want to comply. There's a couple of times where the FTC has taken action, but most of the times they don't."

"I don't think we can count on safe harbors to do most of the work on enforcement," said David Vladeck, a Georgetown Law professor who moderated the panel on enforcement. "We want the safe harbors to provide information to parents. That's a really heavy job."

COPPA, passed in 1998, "predates Google, it predates Facebook, it predates virtually every company we still know," Vladeck said.

Cholla Khoury, director of the New Mexico Attorney General's Office of Consumer and Environmental Protection, said: "Enforcement is something that companies have to deal with. We tell this to the charities that we regulate."

Google and Tiny Lab are just two of New Mexico's recent targets over data collection and sharing.

Khoury added, "You run across bad businesses that are just plain bad for everybody," adding, "Those businesses who put themselves above the (legal) standard are at a competitive disadvantage against those that do not participate in that standard."

When compliance is voluntary, she said, "the incentives have to match the opposite incentive. That incentive has to match the incentive of playing fast and loose with the rules. ... The enforcement has to be strong and it has to be robust to make the penalties for not complying more difficult than for complying with the law."

"I'll tell you why I think COPPA is incredibly difficult to enforce," Vladeck said. "It's an incredibly diffuse environment with lots of undercapitalized players."

He added that in a 30-year FTC career before taking a professorship at Georgetown Law School, "we brought COPPA cases, but we also brought data reach cases, we brought privacy cases, we brought fraud cases."

"And I'm not sure you get that much deterrence. ... If you bring big cases, maybe you get general deterrence," he said.

Khoury suggested that "private rights of action," or individual lawsuit alleging data theft, data mining, and un-permitted data sharing, "would certainly shine more light on this."

Fraser cautioned about the potential effects of such a move. "My issue goes way back to how much knowledge that people can bring a private right of action," she said, given that they're generally less tech-savvy than their own children.

For her part, Campbell is supportive of private rights of action, but noted the industry heavyweights have already lobbied Congress to pass a bill that would pre-empt a tough California state-level internet privacy law approved earlier this year.

Many of the privacy-erosion problems are caused not by the owners of the websites, but by the third-party website owners linked to the original website.

"When you have an industry that is on its honor," Khoury said, "you run into trouble."

- - -

Pattison is media editor for Catholic News Service.

- - -

When you keep your eye on TV, what do you see? What are your likes or dislikes? What are your concerns and criticisms? Be as general or as specific as you wish. Send your comments to: Mark Pattison, Media Editor, Catholic News Service, 3211 Fourth St. NE, Washington, DC 20017.