Children's Online Privacy Protection Act: COPPA Rule Summary and Case Examples
To protect minors on the Internet, U.S. officials passed The Children's Online Privacy Protection Act (COPPA) in 2000 -- and have updated it several times, since.
Essentially, COPPA governs online data collection of people aged 13 and younger.
Directly below, you'll find a summary of COPPA rules. Keep scrolling past that section and you'll find case studies and news summaries related to the Children's Online Privacy Protection Act.
Got questions for an Internet law attorney that handles COPPA issues? Please get in touch.
Who Is Beholden To COPPA?
- Anyone who operates an online service or commercial website that attracts children. Not purposefully targeting kids? No matter. If they come, you're beholden to COPPA standards.
- Anyone operating a website designed for general public consumption that collects information about users.
- Anyone who develops plugins or add-ons that can be used on a site visited by minors.
Website Factors When Considering COPPA Responsibility
Factors the FTC evalutaes when determining if a property falls under COPPA's purview:
- Subject matter;
- Advertising on the site, coupled with the intended target;
- Audio or visual content including animated characters;
- Age of the models;
- Information regarding the age of the intended or actual audience;
- Any features that may be child-oriented.
In addition, when determining who is and who isn't an "operator" under COPPA definitions, the FTC considers the quality of the information being collected. For example:
- Who owns and controls the information being collected?
- Who pays for the information and maintains it?
- What pre-existing contractual information exists?
- What is the role of the property under investigation in collecting and maintaining the information under review?
COPPA's TV-Inspired Roots
Basic Provisions of COPPA
Under the Children's Online Privacy Protection Act, a website's Privacy Notice must:
- Include a link to data collection practices for each area where a child's personal information is inputed.
- Be posted prominently and clearly, using a distinctive font.
- Be clearly worded and free of unrelated information that might distract from the intended message.
- Sit on a contrasting background (i.e., dark text on a light background for easy reading).
Parental Notice Under COPPA
Privacy policies on websites must include a parental notice telling parents what, why, and how information is being collected, in addition to an explanation of what is done with the data after it's collected. The policy must explain that information can only be collected with verifiable parental consent. It should also instruct parents on how to submit consent, as well as complaints. Under COPPA, the terms or privacy notice should also include:
- Website operators' names and contact information for at least one;
- Delineation of what information is collected, with an explanation of how it's collected;
- Explanation of how the collected data will be used;
- Third-party info: Who they are, their business, and how they will use the info;
- Clear steps on how parents can disallow third-party access to the information;
- Instructions on how to get data deleted and the process of how to disallow further data collection;
What Constitutes Personal Information Under COPPA?
COPPA's rules define what information is considered actionable under the law. Specifically:
- Full Name
- Home Address
- Email Address
- Telephone Number