Children's Online Privacy Protection Act
Encyclopedia
The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law, located at .
The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. jurisdiction
from child
ren under 13 years of age. It details what a website
operator must include in a privacy policy
, when and how to seek verifiable consent from a parent
or guardian
, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites altogether disallow underage children from using their services due to the amount of paperwork involved.
has the authority to issue regulations and enforce COPPA. Also under the terms of COPPA, the FTC designated ‘safe harbor’ provision is designed to encourage increased industry self-regulation. Under this provision, industry groups and others may request Commission approval of self-regulatory guidelines to govern participants’ compliance, such that Web site operators in Commission-approved programs would first be subject to the disciplinary procedures of the safe harbor program in lieu of FTC enforcement. To date, the FTC has granted safe harbor to four companies: TRUSTe
, ESRB
, CARU and Privo.
The Act applies to websites and online services operated for commercial purposes that are either directed to children under 13 or have actual knowledge that children under 13 are providing information online. Most recognized non-profit organizations are exempt from most of the requirements of COPPA. However, the Supreme Court ruled that non-profits operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently also COPPA. The type of "verifiable parental consent" that is required before collecting and using information provided by children under 13 is based upon a "sliding scale" set forth in a Federal Trade Commission
regulation that takes into account the manner in which the information is being collected and the uses to which the information will be put.
, Inc., and Mrs. Field's Cookies and Hershey Foods. In September 2006, the FTC levied substantial fines on several enterprises for COPPA violations. The website Xanga
was fined US$
1 million for COPPA violations, for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent. Similarly, UMG Recordings, Inc. was fined US$400,000 for COPPA violations in connection with a Web site that promoted the then 13-year-old pop star Lil' Romeo
, and hosted child-oriented games and activities, and Bonzi Software, which offered downloads of an animated figure "BonziBuddy
" that provided shopping advice, jokes, and trivia was fined US$75,000 for COPPA violations.
Operators who follow one of these procedures acting in good faith to a request for parental access are protected from liability under federal and state law for inadvertent disclosures of a child's information to someone who purports to be a parent.
have made similar laws protecting children under 13 online.
The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. jurisdiction
Jurisdiction
Jurisdiction is the practical authority granted to a formally constituted legal body or to a political leader to deal with and make pronouncements on legal matters and, by implication, to administer justice within a defined area of responsibility...
from child
Child
Biologically, a child is generally a human between the stages of birth and puberty. Some vernacular definitions of a child include the fetus, as being an unborn child. The legal definition of "child" generally refers to a minor, otherwise known as a person younger than the age of majority...
ren under 13 years of age. It details what a website
Website
A website, also written as Web site, web site, or simply site, is a collection of related web pages containing images, videos or other digital assets. A website is hosted on at least one web server, accessible via a network such as the Internet or a private local area network through an Internet...
operator must include in a privacy policy
Privacy policy
Privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data...
, when and how to seek verifiable consent from a parent
Parent
A parent is a caretaker of the offspring in their own species. In humans, a parent is of a child . Children can have one or more parents, but they must have two biological parents. Biological parents consist of the male who sired the child and the female who gave birth to the child...
or guardian
Legal guardian
A legal guardian is a person who has the legal authority to care for the personal and property interests of another person, called a ward. Usually, a person has the status of guardian because the ward is incapable of caring for his or her own interests due to infancy, incapacity, or disability...
, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites altogether disallow underage children from using their services due to the amount of paperwork involved.
Background
The Federal Trade CommissionFederal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
has the authority to issue regulations and enforce COPPA. Also under the terms of COPPA, the FTC designated ‘safe harbor’ provision is designed to encourage increased industry self-regulation. Under this provision, industry groups and others may request Commission approval of self-regulatory guidelines to govern participants’ compliance, such that Web site operators in Commission-approved programs would first be subject to the disciplinary procedures of the safe harbor program in lieu of FTC enforcement. To date, the FTC has granted safe harbor to four companies: TRUSTe
TRUSTe
TRUSTe is a company based in San Francisco, California, best known for its online privacy seals. TRUSTe operates the world’s largest privacy seal program, certifying more than 3,500 websites, including leading online portals and brands like Yahoo, Facebook, Microsoft, Apple Inc., IBM, Oracle...
, ESRB
Entertainment Software Rating Board
The Entertainment Software Rating Board is a self-regulatory organization that assigns age and content ratings, enforces industry-adopted advertising guidelines, and ensures responsible online privacy principles for computer and video games as well as entertainment software in Canada, Mexico and...
, CARU and Privo.
The Act applies to websites and online services operated for commercial purposes that are either directed to children under 13 or have actual knowledge that children under 13 are providing information online. Most recognized non-profit organizations are exempt from most of the requirements of COPPA. However, the Supreme Court ruled that non-profits operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently also COPPA. The type of "verifiable parental consent" that is required before collecting and using information provided by children under 13 is based upon a "sliding scale" set forth in a Federal Trade Commission
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
regulation that takes into account the manner in which the information is being collected and the uses to which the information will be put.
Violations
The FTC has brought a number of actions against website operators for failure to comply with COPPA requirements, including actions against Girl's Life, Inc., American Pop Corn Company, Lisa FrankLisa Frank
Lisa Frank is an American pop artist and founder of Lisa Frank Incorporated, headquartered in Tucson, Arizona. The artist's work appears on various commercial elementary and middle-school products, mostly school supplies...
, Inc., and Mrs. Field's Cookies and Hershey Foods. In September 2006, the FTC levied substantial fines on several enterprises for COPPA violations. The website Xanga
Xanga
Xanga is a website that hosts weblogs, photoblogs, and social networking profiles. It is operated by Xanga.com, Inc., based in New York City.-Origins:...
was fined US$
United States dollar
The United States dollar , also referred to as the American dollar, is the official currency of the United States of America. It is divided into 100 smaller units called cents or pennies....
1 million for COPPA violations, for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent. Similarly, UMG Recordings, Inc. was fined US$400,000 for COPPA violations in connection with a Web site that promoted the then 13-year-old pop star Lil' Romeo
Romeo Miller
Percy Romeo Miller, Jr. , better known by his stage name Romeo , is an American rapper, actor, basketball player, entrepreneur, and model. He is the son of rapper and entrepreneur Master P and former rapper Sonya C. He is the nephew of rappers C-Murder and Silkk the Shocker and the brother of...
, and hosted child-oriented games and activities, and Bonzi Software, which offered downloads of an animated figure "BonziBuddy
BonziBUDDY
BonziBUDDY, also known as Bonzi, sometimes spelled Bonzi Buddy, BonziBuddy, BONZIBuddy was an on-screen "intelligent software agent" from BONZI Software, released in 1999 and discontinued in 2005. The official website stated that the software would help a user surf the Internet by using Microsoft...
" that provided shopping advice, jokes, and trivia was fined US$75,000 for COPPA violations.
Complying
Website operators must use reasonable procedures to ensure they are dealing with the child's parent. These procedures may include:- obtaining a signed form from the parent via postal mail or facsimile;
- accepting and verifying a credit card number;
- taking calls from parents on a toll-free telephone number staffed by trained personnel;
- email accompanied by digital signature;
- email accompanied by a PIN or password obtained through one of the verification methods above.
Operators who follow one of these procedures acting in good faith to a request for parental access are protected from liability under federal and state law for inadvertent disclosures of a child's information to someone who purports to be a parent.
International scope
This is an American law, however, the Federal Trade Commission has made it clear that the requirements of COPPA will apply to foreign-operated web sites if such sites "are directed to children in the U.S. or knowingly collect information from children in the U.S." Other countries like AustraliaAustralia
Australia , officially the Commonwealth of Australia, is a country in the Southern Hemisphere comprising the mainland of the Australian continent, the island of Tasmania, and numerous smaller islands in the Indian and Pacific Oceans. It is the world's sixth-largest country by total area...
have made similar laws protecting children under 13 online.
External links
- Children's Online Privacy Protection Act (COPPA) of 1998, via Federal Trade Commission
- 16 C.F.R. Part 312, the FTC's Children’s Online Privacy Protection Rule, via Government Printing Office
- How to comply with COPPA, via Federal Trade Commission
- Kidz Privacy site, via Federal Trade Commission
- FTC FAQ on COPPA compliance, via Federal Trade Commission
- COPPA.org
- Cybertelecom :: COPPA Information on COPPA regulatory developments