Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project

Children's Online Privacy Protection Act

Dont be a FOOL; The Law is Not DIY
Navigation Links:
:: Home :: Feedback ::
:: Disclaimer :: Sitemap ::

COPPA
  Who Must Comply
  What is Required
    Notice
    Parental Consent
    Sliding Scale
    Parental Review
    Data Security
  "Personal Info"
  Exceptions
  Giving Away Stuff
  Safeharbors
  Enforcement
  Checklist
  Reference

- Privacy
- Fair Info Practices
- 4th Amendment
- - ECPA
- - FISA
- - Patriot Act
- - Expectation
- - Cybersecurity
- - Anonymity
- FTC
- - ID Theft
- - Spyware
- - Children's Privacy
- - COPPA
- - Cookies
- - Social Networks
- - Advertising
- - Online Profiling
- - Privacy Policies
- - Enforcement
- FCC
- - CPNI
- - Cable
- - CALEA
Dept of Commerce
- - NTIA
- - NIST
- - EU Safe Harbors
- The Feds
- - Pri.Protection Act
- - Privacy Act
- - Pri. Impact Statements
- - Info Law
- - The Press
- Geolocation
- - Location Based Services
- Reference


Congressional concern over children’s privacy led it to passage in 1998 of the Children’s Online Privacy Protection Act (COPPA)[16 CFR Part 312]. [See Privacy Introduction for background] More information can be found online at the FTC’s Children’s Privacy website.

Who Must Comply With COPPA?

One falls under the requirements of COPPA if you


Note: Pursuant to Executive Memo M-00-13, all Federal agencies and their contractors must comply with COPPA.

How does the FTC determine that a website targets children? The FTC has indicated that it will look at the following factors when making this determination:

If a service does not target children, then actual knowledge means actual knowledge. Some websites gather statistical information on visitors without any thought that some visitors may be children or intention to market or serve those visitors - if a site asks and knows, then it is under COPPA. Once the site has actual knowledge, then it is stuck with it. Conversely, what about lying kids. According to COPPA, if the kid visits a site and lies about his age, then the kid is not that site's problem. If nothing about a visitor’s presence informs a website that the visitor is a child, then the site lack s actual knowledge.

One area of concern is monitored online communities such as email groups or chat rooms. If the community targets children or if the visitor reveals that the visitor is a child, then the operators of the community must comply with COPPA. One action the community monitor can take is to strip out all personal information from the messages prior to permitting them to be posted. This is sufficient and does not require further parental consent. Operators may elect, instead of stripping out such material, to gain the consent of parents for their children’s participation. These rules do not apply to unmonitored communities. This is likely to pose a significant challenge to monitored communities that do not target children and are not accustomed to COPPA who are suddenly confronted with a message that states, "Hi, my name is Tommy, I’m in the 6th grade and I am doing a research project..."

WHAT IS "PERSONAL INFORMATION" (aka PII) ?

At issue with COPPA is the collection of personal information.  Personal information means individually identifiable information and includes a first and last name, a physical address, an e-mail address, screen name, or other online identifier, a telephone number, a social security number, or a cookie or other persistent identifier. [COPPA Sec. 1302(8)] [See also CPNI, ECPA] It also means any additional information collected from the child in combination with any of the above items.  In other words, once a firm has collected personal information from a child, all additional information collected is likewise infected.  In order to fall under COPPA, this information must be collected online (if, for example, the visitor prints off a form and then mails in the information, it would not then fall under COPPA).

Note that if the information a site wants to collect is not on the above list (and you are a website that does not target children), then that site can collect it without falling under the restrictions of COPPA. It is, for instance, possible to conduct surveys of visitors to a site and not fall under COPPA as long as no part of the survey asks for personally identifiable information.  The survey can even ask age as long as it does not ask, for example, for the visitors name or set a cookie.  If a site wants to set up some silly online poll of the masses asking who should win this years academy awards or who will be elected President, the site could do this and not fall under COPPA as long as that site is not asking personal questions.

ARE THERE ANY EXCEPTIONS?

There are a number of exceptions to COPPA which permit online sites to interact with visitors without the consent of parents.  They are as follows: 

There is another interesting "exception" known as safe harbors.  These are industry self regulation programs that are submitted to the FTC for approval.  If approved, then those members who are certified as complying with that program are deemed to be in compliance with COPPA.  The entity seeking FTC approval of their self regulation program will have to provide assurances to the FTC that the integrity of the program will be maintained. [COPPA Sec. 1304]

CAN I COLLECT INFORMATION IN ORDER TO DETERMINE THAT I AM NOT GOING TO COLLECT INFORMATION?

I visited a webpage recently where it asked me for personal information.  My own personal privacy protection program is "garbage in, garbage out."  I love filling out these forms and always fill them with all types of rubbish.  Anyway, when it asked me what year I was born, I unthinkingly hit "1999."  The website, citing COPPA, refused to gather any further information from me.

This is a viable option.  Age information is not defined by COPPA as personally identifiable information.  A site can ask the age of the visitor without having to comply with COPPA further. If the visitor is under the age of 13, a viable option is to refuse to collect any personally identifiable information.  If that information is necessary in order to provide your online service, the site may decide not to offer services to children under the age of 13.

BUT I WANNA GIVE FREE STUFF AWAY?

If a site is running online contests, there is a more specific rule, as this was one of the areas of greatest abuse.  An operator of an online contest targeted at children is permitted to gather only sufficient information from the visitor that is reasonably necessary for the visitor to participate in the activity.  In other words, no asking for mommy and daddy's salary in order to win a free t-shirt. [16 CFR § 312.7]

Web services provided by Wyoming.com
: Home : About Us : Contact Us : Sitemap : Discussion : Search : Newsletter : RSS :
: ADA : Broadband : Crime : Copyright : DNS : ECommerce : EGovt : First Amendment : Digital Divide :
: Network Neutrality : Intl : Privacy : Security : SPAM : Statistics : VoIP : Vote : And Much More! :
:: Feedback : Disclaimer ::
© Cybertelecom ::