The Children’s Online Privacy Protection Act (“COPPA”, 15 U.S.C. 6501 et seq.), became effective on April 21, 2000 and applies to the online collection of personal information from children under age 13.
The new rules set forth a website operator’s obligations with regard to its privacy policy. The rules also address when and how a website operator must seek verifiable consent from a parent as well as the operator’s responsibilities with regard to protecting children’s privacy and safety online.
The following sets forth a brief overview of the act’s provisions. The following should not be construed as a complete statement of COPPA’s provisions. Please contact one of our attorneys for additional information about the act’s specific provisions, applicability and compliance measures.
Who Must Comply with COPPA?
What Compliance Measures are Required?
Where Can I Find More Information?
1.Commercial Web Site Operators
If you operate a commercial website or an online service directed to children under 13 that collects personal information from children or if you operate a general audience website and have actual knowledge that you are collecting personal information from children, you must comply with the Children’s Online Privacy Protection Act.
2. Meaning of “Directed to Children”
To determine whether a website is directed to children, the Federal Trade Commission (FTC) considers several factors, including the subject matter; visual or audio content; the age of models on the site; language; whether advertising on the Web site is directed to children; information regarding the age of the actual or intended audience; and whether a site uses animated characters or other child-oriented features.
3. Web Site “Operator”
To determine whether an entity is an “operator” with respect to information collected at a site, the FTC will consider who owns and controls the information; who pays for the collection and maintenance of the information; what the pre-existing contractual relationships are in connection with the information; and what role the website plays in collecting or maintaining the information.
4. Types of Information Covered
COPPA and the Rule apply to individually identifiable information about a child that is collected online, such as the child’s full name, home address, email address, telephone number or any other information that would allow someone to identify or contact the child. The Act and Rule also cover other types of information — for example, hobbies, interests and information collected through cookies or other types of tracking mechanisms — when they are tied to individually identifiable information.
1. Privacy Notice
An operator must post a clear and prominent link to a notice of its information practices on the home page of its website or online service and at each area where it collects personal information from children. The notice must be clearly written and understandable; it should not include any unrelated or confusing materials.
2. Direct Notice to Parents
The operator must also provide direct notice to any parent whose child interfaces with the website in a manner that is governed by COPPA.
3. Verifiable Parental Consent
Before collecting, using or disclosing personal information from a child, an operator must obtain verifiable parental consent from the child’s parent. This means an operator must make reasonable efforts (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent of the child receives notice of the operator’s information practices and consents to those practices.
4. Exceptions
The regulations include several exceptions that allow operators to collect a child’s email address without getting the parent’s consent in advance. These exceptions cover many popular online activities for kids, including contests, online newsletters, homework help and electronic postcards.
5. Revoking & Deleting
At any time, a parent may revoke his/her consent, refuse to allow an operator to further use or collect a child’s personal information, and direct the operator to delete the information.
For more information about COPPA please contact one of the attorneys in our transactions group.
The Federal Trade Commission website at www.ftc.gov is a good resource. You can also call the FTC’s Consumer Response Center toll-free at 1-877-FTC-HELP (382-4357), or write Consumer Response Center, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. On the FTC site, scroll to the bottom of the page and use the “search” feature, look up “Children’s Online Privacy Protection Act” and you will be directed to press releases and additional information related to COPPA.
The FTC maintains pages on its web site devoted to COPPA and children’s online issues generally at www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm and www.ftc.gov/kidzprivacy. Both are good resources for information related to COPPA.