If your website, app, game or online service attracts kids under the age of 13, your technology product could trigger COPPA.

According to the FTC, The Children’s Online Privacy Protection Rule seeks to put parents in control of what information commercial websites collect from their children online.  Most companies that run websites directed to children under 13 are aware of their responsibilities under the COPPA Rule.  But if you run a site directed to a general audience or operate an ad network, plug-in, or other third-party service used by kid-directed sites, you may have COPPA compliance obligations, too.

If your technology product does any of the following, you likely trigger COPPA regulations:

    • Do you collect personal and/or demographic information such as first name, last name, email, phone, username, password, age, gender, city, state, hobbies?
    • Does your product have the ability for children under 13 to upload pictures, video or audio?
    • Do you share information with third parties or plug-ins?
    • Do you allow third parties or vendors to contact your subscribers?
    • Do you provide online sharing features such as “share with a friend” or “add to wish list”?
    • Do you provide Facebook Connect or other open ID authentication services?
    • Do you provide chat, messaging board, or other instant messaging functions?
    • Do you use behavioral or contextual marketing; done by using cookies to determine the best ads to deliver to the viewer?

What is COPPA?

Congress passed the Children’s Online Privacy Protection Act (COPPA) to ensure that parents are in control when it comes to information that websites collect on children under the age of 13. The rule has been in place since 2000, and was revised in 2013.

What does COPPA require?

The simple answer: Websites and online services that trigger COPPA must post privacy policies, provide parents with direct notice of their information practices, and get verifiable consent from a parent or guardian before collecting personal information from children.

The more complex answer: In certain circumstances, educational institutions can provide consent on behalf of parents. COPPA also has specific requirements on retention and disposal of data, and disclosure and availability of data to parents. You can learn more specifics on the FTC COPPA FAQ page, and our COPPA 101 page.

What happens if you don’t comply with COPPA?

There are a number of factors that the court assesses, but violators of COPPA can be held liable for penalties of over $40,000 per violation. COPPA gives states and certain federal agencies authority to enforce compliance.

How can you protect your product and company?

COPPA Safe Harbor Programs, such as iKeepSafe COPPA Data Privacy Certification, can assess your product for any deficiencies in compliance. iKeepSafe works with clients to make sure there are no holes in privacy policy, data retention, and parental consent practices. iKeepSafe’s certification process includes continued, customized support to help you meet current industry best practices. We are dedicated to helping technology vendors achieve and remain in compliance year-round in the constantly evolving data privacy landscape.

If your technology product triggers COPPA, as a trusted third-party non-profit organization, iKeepSafe can help keep you in compliance. For more information, register for a short demo here, call us at (540) 385-9862 or email privacy@ikeepsafe.org.

This blog post is not legal advice. Instead, we hope to introduce basic issues of COPPA and privacy, and help technology companies consider ways to build parent confidence and protections for personal information of young students.

 

 

 

 

 

 

Share:

About the Author :: Felicia Rateliff

Felicia has extensive experience in nearly every area of marketing, including content development, company and product messaging, public relations, event management, and graphic design. Her passions include developing holistic solutions and programs that encompass all angles of marketing strategy. Prior to working with iKeepSafe, Felicia served as the US Marketing Manager for Impero Software, an international education technology company, where she was instrumental in developing the US version of the keyword library for their flagship online safety monitoring product, Education Pro. Before entering the marketing field, she created the first Career and Technical Education Graphic Arts program in Mexico Missouri, where she taught for seven years. Felicia holds an MBA with Marketing emphasis, lifetime Missouri Secondary and Postsecondary Teaching Certifications in Graphic Arts, Graphic Communications and Illustration, and is currently completing an MSM in Organizational Leadership and Change.