COPPA: Children’s Online Privacy Protection Act Summary

COPPA is meant to keep the kids safe…online.

The Internet is a hotbed of opportunity, communication and information. It’s also teeming with ne’er-do-wells — many of whom target children. As such, in an effort to better protect people aged 13 and under on the Internet, U.S. officials passed The Children’s Online Privacy Protection Act (COPPA) .

The Children’s Online Privacy Protection Act went into effect on April 21, 2000; it was then updated in March 2013. Essentially, the law governs the online collection of personal information from anyone who is 13 or younger.

COPPA rules specifically define what needs to be included in a website’s privacy policy. It also provides detailed instructions on how and when to acquire verifiable parental consent. In addition, COPPA outlines a website owner’s responsibilities with regards to protecting the online safety and privacy of minors.

COPPA governs the electronic collection of “personally identifiable information” of minors.

Who Must Abide by the COPPA Standards?

  1. Anyone who operates an online service or commercial website that is attractive to children below the age of 13. Even if you don’t mean to target kids, if they come to your site, you’re responsible for knowing and following COPPA standards.
  2. Anyone operating a website designed for general public consumption that collects information about users.
  3. Anyone who develops plugins or add-ons that can be used on a site visited by minors.

Factors evaluated when determining if a website or software falls under COPPA’s purview:

  • Subject matter;
  • Language;
  • Advertising on the site, coupled with the intended target;
  • Audio or visual content including animated characters;
  • Age of the models;
  • Information regarding the age of the intended or actual audience;
  • Any features that may be child-oriented.

In addition, when determining who is and who isn’t an “operator” under COPPA definitions, the FTC considers the quality of the information being collected . For example:

  • Who owns and controls the information being collected?
  • Who pays for the information and maintains it?
  • What pre-existing contractual information exists? Is connected with that information?
  • What is the role of the website under investigation in collecting and maintaining the information under review?

What Personal Information Are We Talking About When It Comes To COPPA?

COPPA’s rules define what collected information is considered actionable under the law. Specifically:

  • Full Name
  • Home Address
  • Email Address
  • Telephone Number

Any other information that could be used to contact or identify a child is also covered, like interests and hobbies. Also covered under COPPA is digital info collected through Internet cookies or other tracking technologies, when are attached to personally identifying information.

COPPA’s TV-Inspired Roots

The roots of COPPA standards were planted in the 1960s — when television networks and programmers enticed kids with add-on goodies. Not only were they advertising products, like breakfast cereals, with toys, they were doing it unethically. It was as a result of those sketchy advertising campaigns that birthed concern about the effects of advertising on kids. COPPA is the 21st century version.

COPPA’s roots can be traced back to concern over 1960s cereal advertising.

Basic Provisions of COPPA:

Under the Children’s Online Privacy Protection Act a website’s Privacy Notice must:

  • include a link to the operation’s information practices for each area where a child’s personal information is collected.
  • be posted prominently and clearly, using a font or text color distinctively different than the other text.
  • be clearly stated without any confusing terminology or unrelated material that
    might distract from the intended message.
  • sit on a contrasting background (i.e., dark text on a light background for easy reading).

Parental Notice Under COPPA

Privacy policies on websites should include a parental notice telling parents what, why and how information is being collected, in addition to what is done with the data. It must inform parents that the information can only be collected with verifiable parental consent. It should also instruct parents on how to submit consent as well as complaints.

Under COPPA, the terms or privacy notice should also include:

  • The names of all website operators and the contact information of at least one;
  • The information is being collected, with an explanation of how it’s being collected;
  • Explanation of how the collected data will be used;
  • Third-party info: who they are, their business and how they will use the
  • Clear notice on how parents can disallow third party access to the information;
  • Instructions on how to get data deleted and the process of how to disallow further data collection;

TL;DR COPPA Law Summary

This is but a thumbnail view of the Children’s Online Privacy Protection Act. In short, the bill’s is intended to protect children from being sucked into the web of deceit often spun by unscrupulous website owners and operators. As of this writing, nearly everyone who collects information online –whether it be through contact forms or user registration — should familiarize themselves with COPPA standards. The gist: make sure your website policies explain how parents can a) remove their children’s data, b) give consent for their kid to register for your site. You should also delineate how information is used after it’s collected.

If parents are diligent in monitoring their children’s online activities, there’s less chance children will be exposed to the unethical and dangerous Internet situations. However, even loving, dutiful parents can use a little help — and that’s what COPPA is all about.

Legal Disclaimer | Privacy Policy | Terms of Service
© 2017 Kelly Warner Law PLLC. All Rights Reserved.
800: 1-866-570-8585
Office: 480-588-0449