The Children’s Online Privacy Protection Act, known as COPPA, is a federal law that gives parents and legal guardians control over the collection, use and disclosure of children’s personal information. The goal of COPPA is to protect children’s online interactions and to make sure that parents consent to the collection and use of such data, since children under 13 are considered incapable of understanding the potential consequences of sharing such information.
Here are a few frequently asked questions and answers regarding COPPA, its application and consequences for failure to comply.
What information is considered personal information under COPPA?
As defined under COPPA, personal information is information that is collected online and identifies an individual, including but not limited to:
- First and last name
- Physical address that includes street and town or city name
- Email address
- Online identifier that permits an individual to be contacted directly (for example, a username)
- Telephone number
- Social security number
- Image, video or audio containing an individual’s image or voice
- Information sufficient to identify the home or other physical address of an individual
- A persistent identifier such as a cookie number, IP address, unique device number
- Any other information collected from a child that is either about a child that can be used in combination with other personal information to identify the child
When does COPPA apply to a website, app, or online service?
COPPA applies to operators of certain websites or online services, such as apps. If you operate a commercial website or online service that is either directed to children under the age of 13 that collects, uses or discloses children’s personal information, or knowingly collects, uses or discloses personal information from children under 13, then you must comply with COPPA. The determination of whether a website or online service is directed to children under 13 is a fact-specific analysis which includes a number of factors relating to the content of the website.
What are the consequences of failure to comply with COPPA?
The Federal Trade Commission is tasked with implementing regulations and enforcement actions relating to COPPA. Violators of the law can be subject to fines up to $16,000 per violation. Further, a violator may be required to delete all information that was collected in violation of the law, and be required to implement stringent record-keeping and monitoring requirements. Interested in a cautionary tale? Check out this article from the FTC outlining an FTC lawsuit against VTech, which resulted in proposed settlement which includes a $650,000 civil penalty and a requirement to implement a comprehensive data security program which is subject to audits for 20 years.
Have additional questions regarding whether COPPA applies to your website?