In Part I, we discussed what the Children’s Online Privacy Protection Act (COPPA) is, when it applies, and the consequences of failure to comply with the law. Below, we’ll discuss further questions and answers regarding an overview of what’s required when COPPA applies to your website, app or online service.
What steps must you take prior to collecting a child’s personal information?
Assuming COPPA applies to your website, you are required to post a clear and conspicuous privacy notice that describes the types of PI the operator collects from children, how it is used, and whether it is disclosed to third parties. A direct notice must also be provided to parents including the same information. The parent’s verifiable consent must be obtained regarding the collection, use and disclosure of the child’s personal information.
What does COPPA require after the collection of child’s personal information?
After collecting a child’s personal information, parents must be given control over their children’s personal information, which includes the right to access, review and delete the information. The operator is required to keep the child’s personal information secure and carefully vet all third-party service providers with regard to security procedures and written policies and procedures regarding the use and collection of personal information.
Have additional questions regarding whether COPPA applies to your website and if so, the steps you need to take to comply with the law?