Children’s Online Privacy Protection Act (COPPA)

Every website, app, and all digital software “directed towards” minors must comply with the Children’s Online Privacy Protection Act (COPPA). Its goal is to guard the identities of people under 13 online. According to the FTC’s website, “The Children’s Online Privacy Protection Act puts parents in control.”

Generally speaking, the law requires parental consent for purchases and data collection (including tracking cookies).

Who must adhere to COPPA regulations?

All websites, plugins, apps, and software that’s attractive to children under the age of 13 are subject to rules outlined in the Children’s Online Privacy Protection Act. Even if you’re not purposefully courting minors, the rules often still apply. Judges consider a property’s advertising, design, features, the age of models, and subject matter.

Contact a COPPA lawyer

Below, we’ll review the ins-and-outs of the Children’s Online Privacy Protection Act. If you are an established business or startup in need of COPPA compliance advice, please get in touch. If you have received notification from the Federal Trade Commission, we can take the lead on your behalf.

Children’s Online Privacy Protection Act: A Quick Overview

Personally Identifiable Data

We’ve discussed COPPA’s consent decree; it forces businesses to secure parental permission before collecting or storing personally identifiable data of children aged 12 and under. But what, exactly, qualifies as “personally identifiable” information? Here’s a list.

  • Name
  • Physical Address
  • Email, IM, VoIP, Chat Name, Screen Name (In Certain Instances)
  • Social Security Number
  • Telephone Number
  • Multi-Platform, Identifying Tracking Cookies
  • Media Files Containing Voice or Image Content
  • Geolocation Data
  • Any Other Information Combined With Any Of The Above

Direct Notice

COPPA requires companies to give parents “direct notice” before collecting children’s personally identifiable information. So, what constitutes “direct notice”? Here’s a list:

  • A faxed, mailed, or electronically scanned paper documents, which are sent to the company, satisfies the “direct notice” provision.
  • Using a debit or credit card that “provides notification of each separate transaction to the account holder” satisfies the COPPA notification rule.
  • Video conferencing or a toll-free call with “trained personnel” fulfills the Children’s Online Privacy Protection Act’s “direct notice” requirement.

Mandatory Privacy Policy

COPPA requires websites and other digital platforms to post a conspicuous privacy policy that includes specific information, including:

  • A Website operator’s name and contact info;
  • Contact information for third-party proprietors that may collect and store data;
  • Instructions on disallowing third-party access to the information; and
  • Data deletion instructions.

Parental Consent

COPPA’s main feature is parental consent. The law forbids digital platforms to collect personally identifying information about children under the age of 13 without consent. Specifically, businesses and websites must:

  • Implement and maintain high-end, anti-hacking programs and measures, in a good faith attempt to keep data safe.
  • Secure verifiable parental (or guardian) consent before collecting identifying information from minors under 13.
  • Post conspicuous, plain English privacy policies on their websites.
  • Notify parents and guardians of procedure and policy changes.
  • Allow parents to opt-out or delete their children’s’ information at any time.

Manufacturing Consent

What happens when a technologically savvy kid fakes parental consent? Or worse, a criminal figure does it? The FTC advises choosing a method that’s “reasonably designed in light of available technology to ensure that the person giving consent is the child’s” parent or guardian. To ensure your verification methods sync with FTC standards, get in touch with an FTC defense lawyer.

Sites Directed at Children

What, exactly, constitutes “directed at children”?

A list of 101 COPPA no-nos doesn’t exist. However, over the years, the Federal Trade Commission has given guidance on the matter. When considering a COPPA case, investigators and attorneys weigh:

  • The platform’s subject matter. Was the site about shifting real estate prices in Roscoe Village or Daniel Tiger’s Neighborhood?
  • A platform’s video and audio content. If a website, game, or app is likely to be attractive to kids, or uses cartoon animation, then the platform will likely fall under COPPA’s purview, even if said site is not directed at kids. If children can access a site, and that site uses content it knows would likely be attractive to a child, COPPA kicks in.
  • If the platform features celebrities who appeal to children (i.e., Taylor Swift, Zendaya, et cetera). If it does, again, the site likely falls into the COPPA category.

Wondering if your website or app complies with the guidelines laid out in the Children’s Online Privacy Protection Act? Contact our internet law attorneys for a comprehensive review of your website, app, and marketing materials.