The Children’s Online Privacy Protection Act of 1998 (COPPA) is a federal law designed to help parents remain in control of what personal information websites and other online services can collect from their young children.
COPPA is administered by the Federal Trade Commission (FTC). It applies to operators of websites, apps, or other online services that collect, use, or disclose personal information from children under the age of 13, and to operators of general audience websites, apps, or online services that have actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
In sum, COPPA provides important protections for children’s personal information in the commercial space, and also recognizes the special role that schools may play in providing consent for the online collection of information from kids exclusively for educational services.
WHAT PERSONAL INFOMATION DOES IT PROTECT?
The definition of Personal Information that falls within COPPA compliance requirements includes: children’s names, nicknames, email addresses, telephone numbers, home addresses, and other geo-location information, social security numbers, photos, video, and audio files of the child, any persistent identifier or tracker that can be used to recognize an individual’s use over time and/or across different websites, as well as any information that enables physical or online communication or contact with a specific individual.
WHAT DO I HAVE TO DO?
The “collection of personal information” usually includes that through passive and persistent collection technology like cookies, IP addresses, GUIDs, etc.
It is the responsibility of the product or website operator to provide direct notice to parents prior to collecting personal identifiable information from a child under 13 years of age. Direct notice must inform the parents of the operator’s practices related to the collection, use, or disclosure of a child’s personal information. COPPA has very specific requirements as to what must be included in the direct notice.
Verifiable parental consent must be obtained before collecting personal information online from children under 13. There are a number of ways to obtain consent; however, the method used must be “reasonably calculated” to ensure the consent is actually being granted by the parent.
Acceptable methods of verifiable parental consent include, but are not limited to:
In certain circumstances, schools may provide consent to the collection of student’s information on behalf of the parent. This ability to consent for the parent is limited to the educational context. The personal information collected must be for the use and benefit of the school, and cannot be used for any other commercial purpose.
In order to get consent, the school must be provided with all the notices required under COPPA.
ADDITIONAL INFORMATION ABOUT COPPY AND PRIVACY FOR YOUNG CHILDREN
This COPPA 101 is not legal advice . Instead, we hope to introduce basic issues of COPPA and privacy, and help EdTech companies consider ways to build parent confidence and protections for personal information of young students.
A printable PDF version of this page is available by clicking this link:
Attention Technology Vendors:
Don’t miss iKeepSafe’s FREE Webinar: COPPA Basics for Technology Vendors
Seats are limited.