Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business
June 2017
The Federal Trade Commission (“FTC”) provides a six-step compliance plan for businesses regarding the Children’s Online Privacy Protection Rule (“COPPA”), which aims to safeguard children's privacy online by giving parents control over the information collected from their children under 13. Here’s a summary of the guidance:
-
Determine Coverage. Assess if your website or online service collects personal information from children under 13. COPPA applies if:
-
Your site is specifically directed at children under 13.
-
You allow others to collect personal information from children on your site.
-
Your site targets a general audience but you have actual knowledge of collecting information from children.
-
-
Post a Privacy Policy. If covered by COPPA, post a comprehensive privacy policy that details how you handle children’s personal information. This should include:
-
The operators collecting information.
-
Types of personal information collected and its use.
-
Disclosure practices to third parties.
-
Parents' rights regarding their children's information.
-
Notify Parents Directly. Provide direct notice to parents about your information practices before collecting any personal information from their children. This notice should explain the purpose of data collection, what information will be collected, and how parents can consent.
-
Obtain Verifiable Parental Consent. Secure verifiable consent from parents before collecting personal information. Acceptable methods include signed consent forms, credit card transactions, phone verification, or knowledge-based questions. If using email, follow up with confirmation.
-
Honor Parental Rights. Maintain ongoing obligations to parents. They have the right to review and delete their child’s information and revoke consent at any time. Ensure processes for parents to access this information are not burdensome.
-
Protect Personal Information Security. Implement reasonable security procedures to safeguard the confidentiality and integrity of children’s personal information. Limit data collection to what is necessary and securely dispose of data when no longer needed.
Additionally, The guidance highlights that COPPA applies broadly, including to mobile apps, ad networks, and other online services. It defines key terms like “personal information” and outlines exceptions where parental consent may not be required for certain types of information collection. Businesses are encouraged to visit the FTC's Children’s Privacy page for more resources and clarification.
Overall, this guidance emphasizes the importance of compliance with COPPA to avoid penalties and protect children's privacy rights effectively.
For more information, see here: https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance
These materials were obtained directly from the Federal Government public websites and are posted here for your review and reference only. No Claim to Original U.S. Government Works. These may not be the most recent versions. The U.S. Government may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information or the information linked to. Please check the linked sources directly.
