COPPA is a U.S. federal law and refers to The Children’s Online Privacy Protection Act that was initiated as a means of protecting the privacy of any child under the age of 13. U.S businesses must abide by COPPA, as must any foreign business that collects information from children under 13 that reside in the United States. If you own a website that operates or is hosted in the United States, then you are legally obligated to abide by the laws set forth by COPPA.
If your website collects any personal information from children under the age of 13, you must be very aware of and compliant with all legal rules and regulations associated with COPPA. This is particularly important for websites that are marketed towards young children or if you have knowledge that younger children visit your website. It is also important for websites that target a general audience.
As a website owner, you must be very aware that you cannot knowingly collect or seek personal information from any child under the age of 13, and that if such information is accidentally obtained, it must be deleted from all records.
What Constitutes Personal Information?
Personal information with regards to online services refers to any and all data that can be used to identify an individual, such as name, email address, geolocation, phone number, online handles, and physical addresses. The collection of such personal information can occur in many ways, such as with cookies, submissions, or payment processing. With regards to children under 13, COPPA Compliance refers to collecting information by:
Encouraging or requesting that children submit information, even if that submission is voluntary. This is very important, even optional submission of information cannot be accepted.
Tracking a child online
Allowing information about a child under 13 to be made public online, such as through posting functions
Are You Abiding by COPPA Regulations?
COPPA was enacted to allow parents control over what information about their children is received and used. To comply, you must first ensure your website has a privacy policy available to be read online by visitors. Within that privacy policy, you must state how you collect and store personal information, specifically in regards to children under the age of 13. Ensure your privacy policy also includes information about how third parties might obtain and use this data. Make sure that your privacy policy is clearly visible on all webpages and never hidden or obscured.
The next step is to include a notice directly to parents informing them of your information practices and get verifiable parental consent before collecting any information. You must also give parents access to any information collected, allow them to edit, review, and delete it, as well as allow parents to restrict the use of further collection.
Lastly, to be compliant with COPPA, you must ensure you are taking reasonable steps to protect the security, confidentiality, and maintenance of any personal information collected. You must also delete all information after it has served the purpose for which it was intended.
Exceptions for Parental Consent
There are certain specific circumstances under which you may be able to make exceptions to parental consent with regards to COPPA laws and regulations. They are as follows:
To get parental consent in the first place, you are allowed to collect only the parent’s and the child’s name and online contact information. This information must be deleted from records if parental consent cannot be obtained.
Informing a parent of a child’s use of your website, but not collecting personal information.
If a child makes a request, such as entering a contest, you may only collect the child’s online contact information. This information can only be used to respond to the request and must then be deleted.
For multiple requests by a child, you can collect the parent’s and child’s online contact information. You must inform the parent that you only collected this information as a form of communication for the child’s request.
You can collect a child’s name, parent’s name, and online contact information for both if there is a safety issue or concern about the welfare of a child. You must contact the parent and inform them that you collected this information to protect their child’s safety.
You can collect the name of a child for the sake of legal, judicial, or liability issues. This information cannot be used as a means of contact or advertising.
You can collect a cookie number of IP address as it relates to a child being a visitor on your website, but you may not collect any additional information or use the information to track down or contact the child.
Lastly, in the case of misrepresentation of age, you can collect and keep a persistent identifier number but may not use any other personal information.
Ensuring COPPA compliance is critically important but also complex. If you want to ensure your bases are covered with regards to rules and regulations for the online privacy of children, contact one of our legal representatives today.