The Children’s Online Privacy Protection Act (COPPA) imposes specific requirements of online website operators or services that knowingly collect personal information from individuals 13 years of age and under. The act places strict limits on how data from this age group is used.
COPPA laws are stricter than data governance of older people, and gives parents the ability to monitor and approve information their children share. Many sites try to avoid COPPA compliance altogether by banning young users from usage. Others may think their content isn’t appealing to children, thus exempting them from COPPA regulation. However, the FTC may not see it that way.
How can you comply with COPPA?
Several organizations wonder if they even need to comply with COPPA. This answer may be more complicated than it seems, and some questions are a bit ambiguous.
Businesses need to comply with COPPA if your website is directed to and collecting data on children under 13, your company knowingly runs ads or plug-ins that collect data on children under 13, or your website is directed to a broad age demographic, but also collects information of children under 13.
COPPA Compliance Checklist
- NPost comprehensive and clear online privacy policies. Detail data practices and personal information collected from those under 13.
- NObtain verifiable parental consent prior to any data collection, use, or disclosure.
- NStrive to provide parents with notice of your online practices when it comes to use of PI from children under 13.
- NMaintain procedures to safeguard confidentiality and integrity of personal information collected from children under 13.
- NDelete PI from children under 13 as soon as it fulfills the purpose for which it was collected.
- NProvide a way for parents to review the personal information collected from their child.
COPPA Essentials
Privacy Policies
Establish and maintain current privacy policies describing information practices.
Transparency
Make every effort to provide parents with collected PI, consent forms, and privacy notices.
Employee Education
Routine compliance training should be scheduled regularly with all relevant team members.
COPPA Safe Harbor Program
The self-created COPPA Safe Harbor Program is a resource where organizations can submit its self-regulatory guidelines to the FTC.
Resource
Federal Trade Commission, Children’s Online Privacy Protection Rule
This information is not intended to serve as legal advice. Nor is it intended to act as compliance advice specific to the processes of any specific company. Application of compliance laws is a company-specific endeavor. We recommend that you contact compliance counsel to discuss the application of information found herein to your operations.