The Children’s Online Privacy Protection Act (COPPA) is a United States federal law, passed in 1998 and effective from April 2000. This law is administered by the Federal Trade Commission (FTC).
COPPA is designed to protect the online privacy of children under the age of 13 by providing parents with control over what information websites and online services can collect from their children.
Why Do We Need COPPA?
As the internet evolved, it became clear that children were engaging with various websites and services, often providing personal information.
There were concerns about the safety of this information and how it could be used without parental consent. COPPA was thus introduced to ensure that parents are given control over the information collected from their children online.
This law provides a safeguard, ensuring that such data cannot be collected without explicit parental consent.
How Does COPPA Affect Me?
If you’re a parent or guardian of a child under 13 in the U.S., COPPA gives you control over your child’s personal information. It allows you to prevent websites and online services from collecting your child’s personal information without your permission.
If you’re a website owner or operator, or an online service provider whose services are directed to children under 13 or have actual knowledge that you are collecting personal information from children under 13, you need to comply with COPPA.
This includes getting parental consent before collecting, using, or disclosing such information.
How Can I Stay Safe and Compliant?
If you’re a parent, make sure to educate your child about the importance of not giving away personal information online. Also, regularly monitor the websites and online services your child uses and give consent only if you deem it safe.
If you’re a website owner, online service provider, or an app developer, here are the steps you need to take to comply with COPPA:
- Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children.
- Provide a reasonable means for a parent to review the personal information collected from a child and to refuse to permit its further use.
- Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected from children.
- Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
- Do not condition a child’s participation in online activities on the child providing more information than is reasonably necessary to participate in that activity.Notable COPPA Violations and Fines
Company Year Fine (USD) TikTok (previously Musical.ly) 2019 5,700,000 YouTube & Google 2019 170,000,000
The TikTok fine was for collecting personal information from children without parental consent. YouTube & Google’s fine was for collecting data from children without parental consent and for making targeted ads towards children.
Please note that the FTC regularly reviews and updates its rules and regulations to ensure the safety of children online, so it’s crucial to stay updated with the most recent guidelines from the FTC’s official website.
The COPPA is crucial in today’s digital age to protect children and give control to parents over their child’s online information. By understanding COPPA, its purpose, and its requirements, you can ensure to comply with the law and provide a safe environment for children online.
COPPA FAQs for Beginners
- Q: Who does COPPA apply to?A: COPPA applies to operators of commercial websites and online services, including mobile apps, that are directed to children under 13 and collect, use, or disclose personal information from children.
- Q: What types of personal information does COPPA protect?A: COPPA protects personal information like full name, home or email address, telephone number, Social Security number. It also protects other types of information like hobbies, interests, and information collected through cookies or other types of tracking mechanisms when they are tied to individually identifiable information.
- Q: How does COPPA define an “operator”?A: Under COPPA, an operator is anyone who operates a website or online service and collects personal information from children, or on whose behalf such information is collected and maintained.
- Q: What is ‘verifiable parental consent’ under COPPA?A: Verifiable parental consent is any reasonable effort, taking into consideration available technology, to ensure that a parent of a child receives notice of the operator’s personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
- Q: What are the penalties for non-compliance with COPPA?A: The FTC is authorized to bring legal actions and impose penalties up to $43,792 per violation.