What is COPPA and How Does It Affect Business Promotion?


What is COPPA and How Does It Affect How You Promote Your Business?

Small businesses beware: If you run a website, an online service or a mobile app that collects information from children under the age of 13, you could be liable for hefty fines if you don’t comply with the Children’s Online Privacy Protection Act (COPPA).

What is COPPA?

In a nutshell, COPPA forbids website operators from collecting any personal information from any child under the age of 13 without explicit parental permission.

Personal information can include things as simple as names and addresses or even more complex identifiers such as geolocation identifiers, pictures or audio files, where such files contain the child’s voice.

COPPA is the main reason why Facebook and many other popular websites do not allow users under the age of 13.

Even seasoned website operators have found themselves on the wrong side of the law and been held liable by the Federal Trade Commission.

For example, online reviewing site Yelp agreed to pay a civil penalty of $450,000 in 2014, while mobile game developer TinyCo paid a $300,000 fine. A court could fine a violating operator as much as $40,654 per violation, according to the FTC.

Enacted by Congress in 1998, the law spells out what website operators must include in a privacy policy, when and how to seek consent from a parent or guardian and what an operator must do to protect children’s privacy and safety online.

It also restricts marketing to children under the age of 13.

According to the FTC website, “The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet.

The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.”

Under new guidelines adopted by the FTC in 2013, the law also applies to third parties of “child directed sites” — such as plug-ins and advertising networks — that collect personal information from visitors.

Under the amended rules “personal information” includes the following:

  • First and last name
  • A home or other physical address including street name and name of a city or town
  • Online contact information
  • A screen or user name that functions as online contact information
  • A telephone number
  • A Social Security number
  • A persistent identifier that can be used to recognize a user over time and across different websites or online services
  • A photograph, video, or audio file, where such file contains a child’s image or voice
  • Geo-location information sufficient to identify street name and name of a city or town
  • Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described above

How do you know if you need to comply with this law or what steps you need to take?

The Children’s Privacy Section of the FTC’s Business Center is loaded with information on the subject.

One option is to consult a COPPA Safe Harbor Program, under which industry groups or others submit self-regulatory guidelines for FTC approval. Another is to consult an attorney.

| Aspect | Explanation |
| --- | --- |
| Overview | COPPA (Children's Online Privacy Protection Act) is a legal framework that prohibits website operators from collecting personal information from children under 13 without explicit parental consent. |
| Scope of Personal Information | Personal information covered by COPPA includes basic details like names and addresses, as well as more complex identifiers such as geolocation data, pictures, or audio files containing a child's voice. |
| Impact on Popular Websites | COPPA is the primary reason why popular websites like Facebook restrict access to users under the age of 13. Violation of COPPA can lead to significant fines and legal consequences, as seen with cases like Yelp's $450,000 penalty and TinyCo's $300,000 fine. |
| Enactment and Key Provisions | Enacted by Congress in 1998, COPPA outlines specific requirements for website operators, including the content of privacy policies, the process of seeking parental consent, and measures to protect children's online privacy and safety. |
| Marketing Restrictions | COPPA imposes restrictions on marketing to children under the age of 13, emphasizing parental control over the collection of their children's online information. |
| Primary Goal of COPPA | According to the FTC, the primary goal of COPPA is to empower parents, giving them control over the information collected from their children online. It acknowledges the dynamic nature of the internet and aims to protect children under age 13. |
| Applicability | COPPA applies to operators of commercial websites, online services (including mobile apps) targeting children under 13, which collect, use, or disclose personal information from children. It also extends to operators with knowledge of collecting data from children under 13. |
| Inclusion of Third Parties | Under revised guidelines adopted in 2013, COPPA covers third parties, such as plug-ins and advertising networks, associated with "child-directed sites" that collect personal information from site visitors. |
| Definition of Personal Information | "Personal information" under COPPA includes first and last names, home or physical addresses, online contact details, screen or user names functioning as online contact info, telephone numbers, Social Security numbers, persistent identifiers, photographs, videos, or audio files with a child's image or voice, geo-location data sufficient to identify location details, and information about the child or the child's parents collected online and combined with an identifier mentioned above. |
| Compliance Assistance | Businesses seeking COPPA compliance can refer to the Children’s Privacy Section of the FTC's Business Center, consult with COPPA Safe Harbor Programs, or seek legal advice to navigate this complex regulatory landscape. |

The FTC has also recommended a “Six-Step Compliance Plan” for any business:

Step 1: Determine if Your Company is a Website or Online Service that Collects Personal Information from Kids Under 13

COPPA doesn’t apply to everyone operating a website or other online service. COPPA applies to operators of websites and online services that collect personal information from kids under 13.

You must comply with COPPA if one of the following is true:

  • Your website or online service is directed to children under 13 and you collect personal information from them.
  • Your website or online service is directed to children under 13 and you let others collect personal information from them.
  • Your website or online service is directed to a general audience, but you have actual knowledge that you collect personal information from children under 13.
  • Your company runs an ad network or plug-in, for example, and has actual knowledge that you collect personal information from users of a website or service directed to children under 13.

Step 2: Post a Privacy Policy that Complies with COPPA

It must clearly and comprehensively describe how personal information collected online from kids under 13 is handled. The notice must describe not only your practices, but also the practices of any others collecting personal information on your site or service — for example, plug-ins or ad networks.

It must also include a list of all operators collecting personal information, a description of the personal information and how it’s used, and a description of parental rights.

Step 3: Notify Parents Directly Before Collecting Personal Information from Their Kids

The notice should be clear and easy to read. Don’t include any unrelated or confusing information. The notice must tell parents:

  • That you collected their online contact information for the purpose of getting their consent
  • That you want to collect personal information from their child
  • That their consent is required for the collection, use, and disclosure of the information
  • The specific personal information you want to collect and how it might be disclosed to others
  • A link to your online privacy policy
  • How the parent can give their consent
  • That if the parent doesn’t consent within a reasonable time, you’ll delete the parent’s online contact information from your records

Step 4: Get Parents’ Verifiable Consent Before Collecting Information from Their Kids

Acceptable methods include having the parent:

  • Sign a consent form and send it back to you via fax, mail, or electronic scan
  • Use a credit card, debit card, or other online payment system that provides notification of each separate transaction to the account holder
  • Call a toll-free number staffed by trained personnel
  • Connect to trained personnel via a video conference
  • Provide a copy of a form of government issued ID that you check against a database, as long as you delete the identification from your records when you finish the verification process

Step 5: Honor Parents’ Ongoing Rights with Respect to Information Collected from Their Kids

If a parent asks, you must:

  • Give them a way to review the personal information collected from their child
  • Give them a way to revoke their consent and refuse the further use or collection of personal information from their child
  • Delete their child’s personal information

Step 6: Implement Reasonable Procedures to Protect the Security of Kids’ Personal Information

| Step | Description |
| --- | --- |
| Step 1: Determine Applicability | Determine if your company operates a website or online service that collects personal information from children under 13. Compliance with COPPA is required in specific scenarios, including sites directly aimed at children under 13 and sites with actual knowledge of collecting data from such children. |
| Step 2: Post a COPPA-Compliant Privacy Policy | Create and display a privacy policy that aligns with COPPA requirements. This policy should provide a clear, comprehensive description of how personal information from children under 13 is handled on your website or online service. Include details not only about your practices but also those of any third parties collecting personal data through your site, such as plug-ins or ad networks. The policy must feature a list of all operators gathering personal information, describe the type of information collected, its usage, and outline parental rights. |
| Step 3: Notify Parents Prior to Data Collection | Before collecting personal information from children, ensure that parents are directly notified in a clear and easily comprehensible manner. Avoid including unrelated or confusing information in the notice. The notification should inform parents of the purpose behind collecting their online contact information, the intent to gather personal data from their child, the necessity of parental consent for data collection, details about the specific information to be collected and its potential disclosure, a link to your online privacy policy, the method for parents to provide consent, and the process for deleting parental contact information if consent isn't granted within a reasonable timeframe. |
| Step 4: Secure Verifiable Parental Consent | Obtain verifiable consent from parents before collecting personal information from their children. Acceptable methods for obtaining this consent include having parents sign a consent form and return it via fax, mail, or electronic scan, using a credit card, debit card, or another online payment system that provides transaction notifications to the account holder, establishing a toll-free number staffed by trained personnel, connecting parents to trained personnel via video conference, or requesting a copy of a government-issued ID for verification purposes (ensuring subsequent deletion of identification details). |
| Step 5: Honor Ongoing Parental Rights | Recognize and respect parents' ongoing rights regarding the information collected from their children. Provide a means for parents to review the personal data collected from their child, allow them to revoke consent and decline further collection or use of their child's information, and facilitate the deletion of their child's personal data as requested. |
| Step 6: Implement Data Security Measures | Implement and maintain reasonable procedures to safeguard the security of personal information belonging to children. Protect this data from unauthorized access, disclosure, or misuse. Implement security practices to ensure the confidentiality and integrity of the information, taking into consideration the sensitive nature of data collected from children under 13. |

Ensuring COPPA Compliance for Small Businesses

In an increasingly digital age, where the online landscape is evolving rapidly, it is imperative for small businesses to be aware of and adhere to regulations that safeguard user privacy, especially when children are involved.

The Children’s Online Privacy Protection Act (COPPA) stands as a crucial pillar in this realm, aiming to protect the personal information of children under the age of 13.

Ignoring COPPA compliance can lead to hefty fines and reputational damage. In this comprehensive conclusion, we’ll summarize the key takeaways from our exploration of COPPA and its implications for small businesses.

COPPA: Protecting Children’s Online Privacy

COPPA, enacted by Congress in 1998, is a vital piece of legislation designed to protect the online privacy of children under 13. Its primary goal is to empower parents, putting them in control of the information collected from their young children online.

This law is not to be underestimated, as non-compliance can lead to severe financial penalties, with fines per violation potentially reaching substantial amounts. Even well-established companies, such as Yelp and TinyCo, have found themselves on the wrong side of the law, facing significant fines.

The Expansive Reach of COPPA

Understanding the scope of COPPA is essential. It applies to operators of commercial websites, online services, and mobile apps that collect, use, or disclose personal information from children under 13.

Moreover, COPPA’s influence extends to third parties, such as plug-ins and advertising networks, that collect personal information from visitors of “child-directed sites.” The definition of “personal information” within COPPA is broad, encompassing various identifiers and data types.

Steps to Achieve COPPA Compliance

Achieving COPPA compliance may appear daunting, but the Federal Trade Commission (FTC) provides clear guidance and a six-step compliance plan for businesses.

This plan involves identifying whether your business is subject to COPPA, posting a comprehensive privacy policy, notifying parents before collecting their child’s information, obtaining verifiable parental consent, honoring parents’ ongoing rights, and implementing robust security measures to safeguard collected data.

Education and Resources

Small businesses must take advantage of available educational resources and guidelines provided by the FTC. The Children’s Privacy Section of the FTC’s Business Center is a valuable source of information, offering insights into COPPA’s requirements and compliance strategies.

Additionally, seeking advice from a COPPA Safe Harbor Program or consulting with legal experts can ensure accurate and effective compliance.

The Significance of COPPA in Digital Marketing

Understanding the impact of COPPA is crucial for businesses that engage in digital marketing to children under 13. The act not only limits the type of information that can be collected but also affects how businesses can target their advertising and promotional efforts.

Adhering to COPPA ensures that marketing practices are not only ethical but also legal, protecting the business from potential fines and legal issues.

Implementing COPPA Compliant Marketing Strategies

Businesses must develop marketing strategies that comply with COPPA regulations while effectively reaching their target audience.

This involves creative and thoughtful approaches to content creation and distribution, focusing on age-appropriate and engaging material without collecting personal information from children under 13.

Educative Content Over Direct Promotion

One strategy is to focus on creating educative and entertaining content rather than direct promotion. This can include tutorials, how-to videos, and educational games that align with your brand but do not require personal information collection. Such content can attract the target audience while respecting COPPA guidelines.

Parent-Focused Marketing

Since obtaining parental consent is a cornerstone of COPPA, tailoring your marketing strategies to appeal to parents as well as children can be effective. This involves creating content that addresses parental concerns and interests, showcasing the value and safety of your products or services for their children.

Best Practices for Ensuring COPPA Compliance

Ensuring compliance with COPPA involves several best practices that businesses should adopt to protect children’s privacy and avoid legal repercussions.

Regular Audits and Training

Conduct regular audits of your website, online services, and marketing practices to ensure they comply with COPPA. Additionally, provide training for your staff on COPPA regulations to prevent inadvertent violations.

Use of Age Gates

Implementing age gates can help prevent children under 13 from accessing parts of your site where personal information is collected. However, it’s important that these age gates are designed in a way that does not encourage children to lie about their age.

Transparency with Parents

Maintain transparency with parents about your data collection practices. This includes providing easy-to-understand privacy policies and direct communication channels for parents to ask questions and express concerns.

Leveraging Technology for Compliance

Technology can play a significant role in ensuring COPPA compliance. Utilize software and tools that can help manage and secure personal information collected, verify parental consent, and monitor compliance with your privacy policy.

Conclusion

In conclusion, small businesses venturing into the digital realm must navigate the complex landscape of COPPA compliance. Protecting the privacy of children under 13 is not only a legal obligation but also an ethical responsibility.

Failure to adhere to COPPA can result in substantial fines, legal consequences, and reputational damage. By following the FTC’s guidelines, staying informed, and seeking professional advice when needed, businesses can ensure they are on the right side of the law.

Moreover, COPPA compliance should not be viewed solely as a legal requirement but as a commitment to online safety and trust-building with customers and parents. Small businesses can differentiate themselves by proactively addressing COPPA compliance, assuring parents that their children’s online experiences are secure and privacy-respecting.

In an age where data privacy is paramount, COPPA serves as a reminder that the protection of the most vulnerable online users is a shared responsibility among businesses, regulators, and parents.

Adhering to COPPA is not just about legal compliance; it’s about building trust with your audience and demonstrating your commitment to protecting children’s privacy in the digital world.


Daryl Nerl is a Staff Writer for Small Business Trends. He has worked as a professional journalist for more than 25 years. Daryl received his bachelor’s degree from NYU in 1988 where he majored in history and journalism. Daryl also worked as a reporter for The Scranton Times-Tribune and The Pottsville Republican where he served as Senior Reporter and Assistant News Editor. Prior to that, he worked as a reporter for The Morning Call in Allentown, Pa. He was also a former Local Editor for Patch, launching a hyperlocal news website in Bethlehem, Pa.
