Children's Online Privacy Protection Act
The Children’s Online Privacy Protection Act is one of the few federal online privacy law in the United States. Other statutes include sections about health and financial privacy, but COPPA is the only current statute that addresses universal privacy for an entire demographic -- children under 13.
The Children’s Online Privacy Protection Act requires parental consent before a) kids can make online purchases and b) ISPs can collect children’s personal information. The statute also includes provisions for educational software used in schools.
Below, you’ll find a summary of COPPA rules, plus links to case studies and updates involving the Children’s Online Privacy Protection Act.
(Being investigated for a COPPA violation? Our team of Internet law attorneys can help.)
COPPA Rules: What Businesses Need To Know
COPPA Rules: Who Is Beholden To COPPA Regulations?
All data-collecting, commercial ISPs, plugins, apps, and websites, which are potentially attractive to minors, must adhere to the parameters. Even if your site or app isn’t intended for minors, but kids use it, you’re still responsible for sticking to COPPA rules. During investigations, the FTC -- and ultimately judges -- consider a properties subject matter, advertising, design, age of the models, features.
COPPA Rules: Information Quality Matters
When investigating a possible COPPA breach, the FTC considers the quality of the collected information. Experts look at:
- Who controls and owns the collected data?
- Who maintains the data?
- Is there a pre-existing contractual agreement?
- What role did the website or ISP play in managing and maintaining the information?
COPPA Rules: Parental Notice
Privacy policies must include the what, why, where, and how of a given site’s data collection procedures. The policy must also explain how can submit consent -- as well as complaints.
COPPA Rules: What Constitutes Personal Data?
Under the current iteration of the Children’s Online Privacy Protection Act, the following things are considered “personal data”:
- Full Name
- Home Address
- Email Address
- Telephone Number
- Social Media Account
- Cookies (digital, not chocolate)
COPPA Rules: Required Website Privacy Notice Under
The Children’s Online Privacy Protection Act requires websites to post policies that explain exactly how collected data is used and stored. Additionally, the link to this policy must sit, conspicuously, next to every section where data is collected.
The privacy terms should also include:
- The names of the website operators and contact info, for at least one;
- Contact info for any relevant third-party proprietors;
- Information on how to disallow third-party access to the information; and
- Data deletion and cease collection instructions.
COPPA Rules Blog: Case Studies
and Statute Amendments
Below are a few articles covering updates to the Children’s Online Privacy Protection Act, plus some related case studies.