What Parents Need to Know About COPPA

 

What Parents Need to Know About COPPA

What is COPPA?

The COPPA Act (Children’s Online Privacy Protection Act) was passed by Congress in 1998. It’s a US Federal law and applies to all 50 states. COPPA was put in place to protect kids’ personal information on websites and online services that are directed to children under 13. This includes apps directed at children under 13.

The Federal Trade Commission (FTC) wrote the rule implementing the law. They have the authority to issue regulations and enforce COPPA.

Some mistakenly think COPPA relates to the content of a website/app. It does not. A COPPA certified site doesn’t necessarily mean the content of that site is suitable for children. In fact, the label has nothing to do with security or safety. COPPA deals with the privacy protection (PP) of kids under the age of 13.

COPPA requires sites and services to notify parents directly and get their approval before they collect, use, or disclose a child’s personal information.

This personal information includes a child’s name, address, phone number, or email address. It also includes their physical whereabouts, photos, videos and audio recordings of the child, and persistent identifiers, like IP addresses, that can be used to track a child’s activities over time and across different websites and online services.

Why Should Parents Care About COPPA?

COPPA details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online including restrictions on the marketing to those under 13.

In 2013, revisions were made to COPPA that broadened items included under personal information. Now screen-names, photos, videos, voice recordings and geo-location data as well as persistent identifiers such as IP addresses for kids under 13 years old are all included under COPPA.

When a website says it’s for ages 13+, oftentimes it’s not about the content on that site. Instead, the website is discouraging kids under 13 years old from using their services because they don’t want to put in the time and effort to secure the privacy of their data.

So, COPPA is about your right as a parent when it comes to the data of your child. COPPA gives you control of this information. The question to ask is: Are you comfortable not knowing what a website is going to do with your child’s email address, pictures, location data, or other personal information?

How Does COPPA Protect My Child?

COPPA puts you in control of your child’s data by giving you access to plain language notices regarding the information the site will collect, how that information will be used, and how you provide your consent prior to your child setting up an account.

When you or your child (under the age of 13) creates an account for a website, service, or app primarily directed at kids under 13, you may get an email or notification on the screen from that company letting you know your child has started the process of signing up for the website, service, or app. This notification is asking you to give consent to the collection of your child’s personal information.

The notice should link to a privacy policy that is plain to read. In other words, the privacy policy should be written in language that’s easy to understand. The privacy policy must give details about the kind of information the site collects, and what the site may do with the information.

For instance, it should state if the site plans to use the information for target advertising to children using the website. It should also state if the website sells or gives user information to other companies.

The policy should also state that those other companies have agreed to keep the information safe and confidential. This means those 3^rd party companies aren’t giving or selling the information collected from the users (children). And, there should be contact information for you, so you can reach out if you have any questions.

If you agree to let the site or service collect personal information from your child, the site has a legal obligation to keep your child’s information secure.

If a website or social network invades the privacy of your child who is under the age of 13, or improperly uses their personal information, you can seek retribution via COPPA.

How Do I Give Consent?

Sites that are COPPA compliant should have directions on how to give your consent. They have some flexibility in how to do that. So, websites might ask you to send back a permission slip of some sort. Others may have a toll-free number you can call.

Keep in mind website operators need to make sure you are the parent before providing you access. This is for the protection of your child. So, often there is a parent/child verification process. And, you also have the right to retract your consent any time. This includes deleting any information collected from your child.

Please note, if you allow your son or daughter, at 12 years or younger, to join a network whose age limit is 13, you cannot seek help under COPPA.

A bunch of websites just got busted for breaking COPPA. Isn’t COPPA just a joke?

A 2018 report, Won’t Somebody Think of the Children, found more than half of Android apps directed toward children under 13 potentially violate COPPA. And, this isn’t the first time child-directed apps have been found in violation of COPPA.

In 2017, a federal class action lawsuit was filed against Disney, alleging that 42 of its apps were collecting and sharing data with advertisers without parental consent.

So does this mean parents should give up on COPPA? No! I believe many parents are beginning to understand what COPPA actually is and how it can protect their child’s personal data. We’re now seeing accountability. That’s a good thing.

By banding together as parents we can let the tech industry know our child’s data is not for sale.

If you think a site has collected information from your kids or marketed to them in a way that violates the law, report it to the FTC at ftc.gov/complaint.