How to Design Forward-to-a-Friend Features

In December 2007, the FTC updated the Children’s Online Privacy Protection Rule FAQs 27, 30, and 44 – all clarifying compliance regarding email exceptions.

Most notably, changes to FAQ 44 clarify how websites can use the one-time email exception for a forward-to-a-friend feature.

TRUSTe is now recommending that our seal holders design forward-to-a-friend features on children’s websites to not display the sender’s email address or full name and to immediately delete the recipient and sender’s email addresses from its systems after sending the email message.

By doing this, the one-time email exception can be used.

Three Key Practices to Consider when Designing a Forward-to-a-Friend Feature for a Children’s Website

    • If the forward-to-a-friend feature immediately sends the message and immediately deletes both the recipient and sender’s email address, the one-time exception can be used as long as the sender’s email address or full name is not displayed within the email or in the from line.
      • The sender’s first name and last initial can be displayed in the email or the “from line” so the recipient knows who initiated the email.
    • If the forward-to-a-friend feature provides an option to send the message at a later date and retains both the recipient and sender’s email address until the message is sent, then the sender’s parent must be provided notice and the opportunity opt-out of further use of information.
      • The sender’s email address or full name is not displayed within the email or in the “from line.”
      • The sender’s first name and last initial can be displayed in the email or the “from line” so the recipient knows who initiated the email.
    • If the sender’s email address or full name are displayed within the body of the email or in the “from line”, then the site needs to obtain verifiable parental consent before collecting this information and sending the email.

Additionally, FAQ 27 has been updated to explain what the notice to the parent must contain when a site wishes to utilize one of the email exceptions that require a notice be sent to the parent.

FAQ 30 updates further clarify the requirements around utilizing one of the five email exceptions, specifically the requirements around utilizing the child safety exception.

Forward-to-a-Friend Example

TRUSTe certified Creative Consumer Concepts develops kid’s birthday club sites for its restaurant clients. The sites have a Tell-a-Friend feature which collects the minimum amount of information needed to send the friend an email telling them about the site.

The friend receives a message, and the “from line” has the address for the company sending the message: captaindsb [at] kidsbirthdayclub.com. The sender’s name or email address is not revealed in the “from line” or within the body of the email.