Children's Online Privacy Protection Act: COPPA Rule Summary and Case Examples

To protect minors on the Internet, U.S. officials passed The Children's Online Privacy Protection Act (COPPA) in 2000 -- and have updated it several times, since.

Essentially, COPPA governs online data collection of people aged 13 and younger.

COPPA defines privacy policy requirements, data collection parameters, and the process of acquiring verifiable parental consent.

Directly below, you'll find a summary of COPPA rules. Keep scrolling past that section and you'll find case studies and news summaries related to the Children's Online Privacy Protection Act.

Got questions for an Internet law attorney that handles COPPA issues? Please get in touch.

Who Is Beholden To COPPA?
  1. Anyone who operates an online service or commercial website that attracts children. Not purposefully targeting kids? No matter. If they come, you're beholden to COPPA standards.
  2. Anyone operating a website designed for general public consumption that collects information about users.
  3. Anyone who develops plugins or add-ons that can be used on a site visited by minors.
Website Factors When Considering COPPA Responsibility

Factors the FTC evalutaes when determining if a property falls under COPPA's purview:

  • Subject matter;
  • Language;
  • Advertising on the site, coupled with the intended target;
  • Audio or visual content including animated characters;
  • Age of the models;
  • Information regarding the age of the intended or actual audience;
  • Any features that may be child-oriented.

In addition, when determining who is and who isn't an "operator" under COPPA definitions, the FTC considers the quality of the information being collected. For example:

  • Who owns and controls the information being collected?
  • Who pays for the information and maintains it?
  • What pre-existing contractual information exists?
  • What is the role of the property under investigation in collecting and maintaining the information under review?
COPPA's TV-Inspired Roots

The roots of COPPA standards were planted in the 1960s -- when television networks and programmers enticed kids with add-on goodies. Not only were they advertising products, like breakfast cereals, with toys, they were doing it unethically. It was as a result of those sketchy advertising campaigns that birthed concern about the effects of advertising on kids. COPPA is the 21st century version.

Basic Provisions of COPPA

Under the Children's Online Privacy Protection Act, a website's Privacy Notice must:

  1. Include a link to data collection practices for each area where a child's personal information is inputed.
  2. Be posted prominently and clearly, using a distinctive font.
  3. Be clearly worded and free of unrelated information that might distract from the intended message.
  4. Sit on a contrasting background (i.e., dark text on a light background for easy reading).
Parental Notice Under COPPA

Privacy policies on websites must include a parental notice telling parents what, why, and how information is being collected, in addition to an explanation of what is done with the data after it's collected. The policy must explain that information can only be collected with verifiable parental consent. It should also instruct parents on how to submit consent, as well as complaints. Under COPPA, the terms or privacy notice should also include:

  • Website operators' names and contact information for at least one;
  • Delineation of what information is collected, with an explanation of how it's collected;
  • Explanation of how the collected data will be used;
  • Third-party info: Who they are, their business, and how they will use the info;
  • Clear steps on how parents can disallow third-party access to the information;
  • Instructions on how to get data deleted and the process of how to disallow further data collection;
What Constitutes Personal Information Under COPPA?

COPPA's rules define what information is considered actionable under the law. Specifically:

  • Full Name
  • Home Address
  • Email Address
  • Telephone Number

Any other information that could be used to contact or identify a child is also covered, like interests and hobbies. Also covered under COPPA is digital info collected through Internet cookies or other tracking technologies, when attached to personally identifying information.

COPPA Law Resource Center

Internet Law Blog: 2016 Faical Recognition COPPA changes
COPPA Lawyers Explains 2016 Imaging Technology Update
Read »
COPPA update for end of 2014
COPPA Update: Cleaner Language & Safe Harbor Programs
Read »
COPPA Update: Schools Must Ensure Consent Methods Are Up-To-Date
Read »
COPPA parental consent rules
COPPA Parental Consent: A 101 Legal Guide
Read »
COPPA teenagers
Hormones Should Play A Role In Lawmaking, Say Advocates
Read »

Speak With A COPPA Law Attorney

This is but a thumbnail view of the Children's Online Privacy Protection Act. As of this writing, nearly everyone who collects information online -- whether it be through contact forms or user registrations -- should familiarize themselves with COPPA standards. The gist: make sure your website policies explain how parents can: a) remove children's data and b) give consent for their kid to register. You must also delineate how information is used after it's collected.

If parents are diligently monitoring their children's online activities, the less chance children will be exposed to dangerous Internet situations. However, even loving, dutiful parents can use a little help -- and that's what COPPA is all about.

Set Up A Consultation »