[ad_1]
COPPA, or the Children’s Online Privacy Protection Act, is designed to protect the privacy of children under the age of 13 by giving their parents certain tools to control how their child’s information can and cannot be used. While providing parents with these tools, the Act imposes special requirements on operators of websites or online services that are intended for children under 13 years of age or that knowingly collect information about children under 13 years of age.
Given the broad purpose of the Act, this article will address questions that arise in the business community, such as:
- Do I have to comply with COPPA?
- What are these requirements?
- Is there a way to make sure my efforts are sufficient?
Does COPPA apply to you?
COPPA applies to those who operate websites or offer online services that collect personal information from children under the age of 13. If you’re not sure if your site or service fits into this category, consider these qualifying questions:
- Is your website or online services you offer directed at children under the age of 13? If so, you:
- Collect the personal information of these children directly?
- Allow others to collect these children’s personal information?
- If your website or online services are aimed at a general audience, do you know if you are collecting personal information from children under the age of 13?
- If you operate an ad network or plugin, do you collect personal information from users of a website or service intended for children under the age of 13?
If the answer is yes to any of the above questions, the next step is to determine what action or actions need to be taken to comply with COPPA.
COPPA requirements
At a high level, COPPA requires the operator of a website or online service to:
- Inform parents about the company’s information practices using the privacy policy and other relevant documentation
- Obtain confirmed parental consent for the collection, use or disclosure of children’s personal information
- Allow parents to prevent future maintenance, use or collection of their child’s personal information
- Give parents access to their child’s personal information
- Do not require the child to provide more personal information than is reasonably necessary to participate in the activity
- Follow reasonable procedures to protect the privacy, security and integrity of personal information
There are many ways to meet these requirements, but companies often want assurances that their efforts will protect them from COPPA liability. The Act contains a safe harbor provision that allows industry groups and others to request the FTC’s approval of self-regulatory guidelines to govern participating websites that comply with the rule.
The privacy policy should include the following:
- A list of all individuals or organizations that collect personal information through the Site or Service
- A description of the personal information collected and how it is used
- Description of parental rights – if you intend to collect information about children under 13, you must notify the parents directly before collecting such information
The parental notice should be simple and should clearly inform the parent that you have collected information about the parent online for the purpose of obtaining consent to collect information about their child, that you want to collect information about their child, and that the collection, use requires their consent. , and disclosure. This notice should also state what specific information you will collect and how you may disclose it to others, a link to your privacy policy, and how parents can provide consent. You must also tell the parent that if they do not respond to the notification, you will remove the parent’s contact information from your records, and you must remove it and not collect information about the child.
Determining whether your parental consent can be verified
COPPA not only requires parental consent to the collection of personal information about children, but also requires that the consent be verifiable or that the person providing the consent be a parent or legal guardian.
Some methods identified as validated include having a parent:
- Sign the consent form and send it back by fax, mail or electronic scan
- Use a credit card, debit card, or other online payment system that notifies the account holder of each individual transaction
- Call the toll-free number staffed by trained staff
- Connect with trained staff via video conference
- Provide a database-verified copy of official ID, provided the ID will be removed from your records after the verification process is complete
- Answer a series of knowledge-based questions that would be difficult for anyone other than a parent to answer
- Check a driver’s license photo or other photo ID provided by the parent, then match that photo to a second photo provided by the parent using facial recognition technology.
Where can I find information about COPPA?
The FTC has a comprehensive website with publicly available information about the agency’s various activities. The Children’s Privacy section contains a variety of materials related to COPPA, including all proposed and final regulations, public comments received by the Commission during its rulemaking, guides for companies, parents, and teachers, information about Safe Harbor, COPPA-approved programs, and FTC cases filed to comply with COPPA. Many of the training materials on the FTC website are also available in print for free at www.bulkorder.ftc.gov.
[View source.]
[ad_2]
Source link
