Protecting Children's Privacy under Children's Online Privacy Protection Act (COPPA)
- By: Staff Editor
- Date: July 08, 2009

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online, including restrictions on marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites altogether disallow underage children from using their services due to the amount of paperwork involved.
The Federal Trade Commission has the authority to issue regulations and enforce COPPA. Also under the terms of COPPA, the FTC-designated ‘safe harbor’ provision is designed to encourage increased industry self-regulation. Under this provision, industry groups and others may request Commission approval of self-regulatory guidelines to govern participants’ compliance, such that Web site operators in Commission-approved programs would first be subject to the disciplinary procedures of the safe harbor program in lieu of FTC enforcement. To date, the FTC has granted safe harbor to four companies, namely, TRUSTe, ESRB, CARU and Privo.
Key Features
- The Act applies to websites and online services operated for commercial purposes that are either directed to children under 13 or have actual knowledge that children under 13 are providing information online.
- Most recognized non-profit organizations are exempt from most of the requirements of COPPA.
- However, non-profit organizations operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently, COPPA.
- The type of "verifiable parental consent" that is required before collecting and using information provided by children under 13 is based upon a "sliding scale" set forth in a Federal Trade Commission regulation that takes into account the manner in which the information is being collected and the uses to which the information will be put.
Website operators must use reasonable procedures to ensure they are dealing with the child's parent. These procedures may include:
- Obtaining a signed form from the parent via postal mail or facsimile;
- Accepting and verifying a credit card number;
- Taking calls from parents on a toll-free telephone number staffed by trained personnel;
- Obtaining emails accompanied by a digital signature;
- Obtaining emails accompanied by a PIN or password obtained through one of the verification methods above.
Requirements of COPPA
Placement |
Content | The notice must be clearly written and understandable; it should not include any unrelated or confusing materials. It must state the following information:
Disclosures to Third Parties | An operator must give a parent the option to agree to the collection and use of the child's personal information without agreeing to the disclosure of the information to third parties. However, when a parent agrees to the collection and use of their child's personal information, the operator may release that information to others who use it solely to provide support for the internal operations of the website or service, including technical support and order fulfillment. |
New Notice for Consent | An operator is required to send a new notice and request for consent to parents if there are material changes in the collection, use or disclosure practices to which the parent had previously agreed. |
Access Verification |
Revoking & Deleting
- At any time, a parent may revoke his/her consent, refuse to allow an operator to further use or collect their child's personal information, and direct the operator to delete the information. In turn, the operator may terminate any service provided to the child, but only if the information at issue is reasonably necessary for the child's participation in that activity.
- If, after giving consent, a parent asks the operator to delete the child's information, the operator may refuse to allow the child to participate in the chat room in the future.
- If other activities on the Web site do not require the child's email address, the operator must allow the child access to those activities.
The Commission may bring enforcement actions and impose civil penalties for violations of the Rule in the same manner as for other Rules under the FTC Act. The Commission also retains authority under Section 5 of the FTC Act to examine information practices for deception and unfairness, including those in use before the Rule's effective date. In interpreting Section 5 of the FTC Act, the Commission has determined that a representation, omission or practice is deceptive if it is likely to:
- Mislead consumers; and
- Affect consumers' behavior or decisions about the product or service.
The regulations include several exceptions that allow operators to collect a child's email address without getting the parent's consent in advance. These exceptions cover many popular online activities for kids, including contests, online newsletters, homework help and electronic postcards.
Prior parental consent is not required when an operator collects:
- a child's or parent's email address to provide notice and seek consent,
- an email address to respond to a one-time request from a child and then deletes it,
- an email address to respond more than once to a specific request -- say, for a subscription to a newsletter,
- a child's name or online contact information to protect the safety of a child who is participating on the site,
- a child's name or online contact information to protect the security or liability of the site or to respond to law enforcement, if necessary, and does not use it for any other purpose.