Jul 18, 201309:27 AMLegal Login
with contributors from Whyte Hirschboeck Dudek
What you need to know about the Children’s Online Privacy Protection Act amendments
(page 1 of 2)
To keep pace with rapidly evolving technology, the Federal Trade Commission (FTC) recently issued several important amendments to the Children’s Online Privacy Protection Act of 1998 (COPPA). All businesses that use social media, technology, and mobile applications should be aware of the new requirements, which became effective on July 1, and take steps to comply with them.
What is COPPA?
COPPA was enacted to ensure the privacy and security of children under 13 on the Internet and requires the FTC to issue and enforce various related regulations.
Who must comply with COPPA rules?
COPPA applies to all individuals or entities that: 1) collect, use, or disclose personal information online or through mobile technology and 2) direct their activities or services toward children or have actual knowledge that children under age 13 use their services (covered providers). Given that most businesses operate websites, mobile applications, and social media, COPPA may apply to a large number of individuals and entities. The FTC, in fact, has clarified that COPPA applies to a host of emerging technologies, including mobile technologies, ecommerce sites, and certain texting programs.
What does COPPA require?
COPPA requires all covered providers to:
- Maintain the confidentiality, security, and integrity of personal information they collect from children.
- Retain the information only for as long as necessary to fulfill the purpose for which the information was collected.
- Provide tools to parents. This includes providing direct notice to parents and obtaining verifiable parental consent (with some limited exceptions) prior to collecting personal information online from children; allowing parents to prevent the disclosure of their child’s personal information to third parties; allowing parents to access their child’s personal information to review and/or have the information deleted; and providing parents with the opportunity to prevent further use or online collection of a child’s personal information.
- Allow children to use their websites/online services without providing any more information than is reasonably necessary to participate. Covered providers may not condition participation on providing more information than is necessary.