The Essential Guide to COPPA Compliance
If you run a website that collects personal information, there’s a chance you’re going to need to comply with the Children’s Online Privacy Protection Act – also referred to as COPPA.
In this detailed guide, we provide you with essential information on the purpose of COPPA and whether it applies to your website or mobile application.
We also cover the steps you need to take to achieve COPPA compliance and avoid unnecessary lawsuits.
Created in 2000, the Children’s Online Privacy Protection Act (COPPA) regulates how websites collect information from children. It prevents marketers from targeting children with unethical campaigns in order to gather data.
The aim of the act is to protect children, not hinder online businesses and innovation.
COPPA compliance is applicable to websites, mobile apps, and any other online services that fall into the following categories:
- Directed at children 13 years and younger
- Awareness that they are collecting personal information from children 13 years and younger
- Collect information on the behalf of other websites that collect information from children 13 years and younger
COPPA applies to both active and passive data collection such as tracking cookies.
What is Personal Information?
It’s also important to understand exactly what is meant by personal information.
- Full name
- Physical address or general geographic location
- Contact number
- Social Security number
- Email address
- Online usernames
- Online identification (cookies)
- Images of a child or recordings of their voice
Next, let’s look at how COPPA compliance is enforced.
The Federal Trade Commission (FTC) is responsible for enforcing COPPA. Anyone who believes that a website or mobile app owner or operator is violating COPPA can report the matter to the FTC online.
By not complying with COPPA regulations, you could find yourself being fined up to $46,000 per violation. How flagrant the violation is, the number of minors affected, how the personal information was used, and how many times an offense has occurred are factors that determine the total penalty.
There have even been instances where penalties have amounted to millions of dollars, which could essentially ruin a business or brand for life.
Absolutely! COPPA has given certain federal agencies and states the authority to enforce compliance requirements, provided they have jurisdiction.
There are two primary requirements for complying with COPPA regulations:
This policy should outline how you collect and handle personal information from children who are 13 or younger. It should also be written in simple language so that even a child could understand it.
Along with it being easy to find and read, it should also be distinguishable from other links on your site too. It’s best practice to place this link somewhere close to where you collect personal information.
- A list of the people and services that are being used to collect personal information on your site. COPPA requires you to specify contact information, including names, address, contact numbers, and addresses.
- How information is collected (actively or passively through cookies).
- Details on the type of information that is NOT collected.
- Specifics on how you plan to use the personal information you collect.
- Whether or not you are sharing this information with third parties. If you will be sharing it, specify how each third party will use this information.
2. Send a Direct Notice to Parents
The second requirement is to send a direct notice to the parents of a child using a particular device. You can only collect personal information once this direct notice has been sent.
- Explanation of how you obtained a parent’s contact details.
- The personal information you collect from children and what happens with the information.
- A request for consent from the parent.
Let’s finish by looking at a few exceptions and what mixed audience website owners should know about COPPA compliance.
If your website or mobile app doesn’t collect, disclose, or make use of personal information collected from children, COPPA doesn’t apply to you.
And if you are unsure whether your website or app is deemed to be directed at children, consider the following factors:
- The topic of your site.
- The use of animated characters.
- Whether or not your site or app includes activities and incentives that would appeal to a child.
- The visuals and audio used.
- The use of models or celebrities that would appeal to a younger audience.
- Whether the advertising or promotions are directed at children.
- Any evidence that would suggest your site’s target audience is children 13 years or younger.
Also, if you are using any data from children that have been collected from another website, COPPA applies to you.
Now, what about websites that target a mixed audience that includes children?
Basically, if there is any content, product, or services on your website that are directed at children, you need to comply with COPPA.
COPPA requirements are simple and straightforward, so there’s no reason why you should delay compliance.
Plus, by complying, not only are you doing your part to protect a younger online audience, but you’re avoiding costly lawsuits and business failure.