As a parent, you have control of the personal information
companies collect online from your children under the age of 13. The Children’s
Online Privacy Protection Act (COPPA) gives you tools to do that. The Federal Trade
Commission enforces COPPA (15 USC §§ 6501-6506). If a site or service is covered by COPPA,
it must obtain your consent before collection personal information from your
child and it has to honor your choices about how that information is used.
What is COPPA (15 USC §§ 6501-6506)?
The COPPA Rule was put in place to protect children’s
personal information on websites and online services – including apps – that
are directed to children under the age of 13. The Rule also applies to a
general audience site that knows it is collecting personal information from
children that age. COPPA requires those sites and services to notify parents
directly and get their approval before they collect, use, or disclose a child’s
personal information.
Personal information in the world of COPPA includes a
child’s name, address, phone number or email address; geolocation information,
photos, videos and audio recordings of the child, and persistent identifies
like IP addresses and mobile device ID’s, that can be used to track a child’s
activities over time across different websites and online services.
Does COPPA affect the sites and services my children use?
If the site or service does not collect your child’s
personal information, COPPA is not a factor. COPPA kicks in only when sites
covered by the Rule collect certain personal information from your children.
Practically speaking, COPPA puts you in charge of your child’s personal
information.
How does COPPA work?
COPPA works like this: Your child wants to use features on a
site or download an app that collects their personal information. Before they
can, you should get a plain language notice about what information the site
will collect, how it will use it, and how you can provide your consent.
The notice should link to a privacy policy that is also
plain to read – and in language that is easy to understand. The privacy policy
must give the details about the kind of information the site collects, and what
it might do with the information – say, if it plans to use the information to
target advertising to a child or give or sell the information to other
companies.
In addition, the policy should state that those other
companies have agreed to keep the information safe and confidential, and how to
contact someone who can answer your questions. The notice also should have
directions on how to give your consent. Sites and services have some
flexibility in how to do that. Some may ask to send back a
permission letter. Others may have a toll-free number you may call. If you
agree to let the site or service collect personal information from your child,
the have a legal obligation to keep it secure.
What are my choices?
The first choice is whether you are comfortable with the
site’s information practices. Start by reading how the company plans to use
your child’s information.
Then, it is about how much consent you want to give. You might give the company permission to collect your child’s personal
information, but not allow it to share that information with others. Once you
give a site or service permission to collect personal information from your
child, you are still in control.
As the parent, you have the right to review the information
collected about your child. If you ask to see the information, keep in mind
website operators need to make sure you are the parent before providing you
access. You also have the right to retract your consent any time, and to have
any information collected about your child deleted.