Implemented in 2000, the Children’s Online Privacy Protection Rule (COPPA) applies to websites or online service operators (including apps, games, online social networks,VOIP services, IoT devices, and ad services) that knowingly collect, use, or disclose personal information from or about children under 13. Nonprofit entities engaged in non commercial activities are exempt from complying with COPPA.
Numerous factors determine, on a case-by-case basis, if a website or online service is aimed at children, including:
- Subject matter
- Visual content
- Use of animated characters or child-related activities & incentives
- Music and audio content
- Age of models
- Presence of celebrities that appeal to children
- Language and other characteristics
- Advertising appearing on the website or online service
- Evidence concerning the audience composition and the intended audience
What is required according to COPPA?
Websites or online service operators must:
- Provide notice on their website or online service concerning the information they collect from children, how it is used, and their disclosure practices (regulations include specific requirements for different types of notices, such as direct notice to parents and notices on the site).
- Post clear and comprehensive online privacy policies detailing their practices for collecting, using and disclosing personal information from children.
- Before collecting children’s information, directly notify parents and obtain their verifiable consent (some exceptions apply for prior parental consent).
- Give parents the option to consent to the collection and internal use of the child’s information while prohibiting unnecessary disclosure to third parties.
- Give parents access to their child’s collected personal information and the ability to delete it.
- Give parents the option to prevent further use or online collection of their child’s personal information.
- Maintain confidentiality, security, and integrity of personal information collected from children, including ensuring that third parties to whom they disclose such information can also maintain the same level of privacy and security.
- Delete personal information collected from children in a manner that protects against unauthorized access or use.
- Retain personal information collected from children only as long as is necessary to fulfill its intended purpose.
- Ensure that a child’s participation in an online activity is not conditioned on them providing more information than reasonably required for that activity.
What led to the Children’s Online Privacy Protection Rule?
Congress enacted COPPA in 1998, requiring the FTC to enforce corresponding children’s online privacy regulations. The original COPPA Rule took effect in 2000. The FTC updated the Rule in January 2013, with the revised rule taking effect in July of the same year.
How is the law enforced under COPPA?
The FTC treats COPPA violations like violations of FTC rules. Courts can impose penalties of up to $51,744 per violation, depending on the specifics of each case. COPPA also grants enforcement authority to states and certain federal agencies.
Choose UserWay for all of your compliance needs
Organizations worldwide trust UserWay for industry-leading accessibility and compliance. Learn about UserWay’s complete framework of products and services, from AI-powered tools and comprehensive accessibility checking to attorney-led legal support and enterprise solutions.