What is the Children’s Online Privacy Protection Act? (COPPA)

Amendments to the 1998 Children’s Online Privacy Protection Act (COPPA) rule went into effect on July 1, 2013. Before we can dive into what the updates entail, however, a quick primer on COPPA is necessary. COPPA launched in 1998 and is a set of regulations tailored to place parents in control over what information is collected from their children online. By “children,” the Act is referring to any “individual under the age of 13.” So who must comply with COPPA? Any website or online service operator that collects or maintains personal information (name, address, email address, telephone number, etc.) about users or visitors to the website, which may include children. Note that even if the website operator may not be actively encouraging children to use their website or is unaware that some of their users may be under age, mere ignorance of the Act or of such users does not constitute a defense.

Moreover, COPPA applies to more than just websites; it also extends to “online services” as well. Here, online services may refer to play network-connected games, social networking sites or applications, receiving online advertisements, purchasing goods or services online, and even voice-over-Internet protocol services. COPPA also specifically prohibits operators from enticing children to provide personal information in return for rewards or participation in online games.

As such, in order to comply with COPPA, operators whom collect personal information from children must provide clear notice on what personal information is to be collected, disclosure practices of such information, and must seek verifiable parental consent for the collection, use, and disclosure of such information. If they do not comply, the collection of such personal information from children is strictly prohibited. Once information is collected, however, operators are required to maintain reasonable protocols to protect the integrity of the information collected.

Likewise, if an operator receives a request from a parent regarding the personal information collected from their child, the operator must provide the description of the information collected, offer the parent the opportunity to refuse to allow their child to provide any further information, and a means for the parent to remove the information collected from the child.

Lastly, COPPA overrides any conflicting state or local law. As such, any operators of websites and online services should familiarize themselves with COPPA in order to minimize their online liability. For those whom are worried that they have run afoul of COPPA, some safe harbors do exist, for more information, visit http://business.ftc.gov/privacy-and-security/childrens-privacy.

Sources: Children's Online Privacy Protection Rule ("COPPA") | Federal Trade Commission

For more information on this topic, please visit our online privacy page.

Klemchuk PLLC is a leading IP law firm based in Dallas, Texas, focusing on litigation, anti-counterfeiting, trademarks, patents, and business law. Our experienced attorneys assist clients in safeguarding innovation and expanding market share through strategic investments in intellectual property.

This article is provided for informational purposes only and does not constitute legal advice. For guidance on specific legal matters under federal, state, or local laws, please consult with our IP Lawyers.

© 2024 Klemchuk PLLC | Explore our services