Setup a Demo
Free 30 min website monetization consulting included
According to a UNICEF report, More than 175,000 minors are using the internet for the first time everyday. They’re all tapping into great opportunities, but, at the same time, getting exposed to grave risks.
Worldwide 1 in 3 internet users is a child, and yet – as outlined in The State of the World’s Children 2017: Children in a digital world – too little is done to protect them from the perils of the digital world, to safeguard the trail of information their online activities create, and to increase their access to safe and quality online content.
Online publishers, content creators, agencies, and any website with kid-friendly content or ads have an obligation under COPAA to avoid collecting personal data from children who are under the age of 13.
This post is meant to provide recommendations for the publisher and marketing community to follow COPPA and learn how they can avoid policy violations.
COPPA stands for ‘The Children’s Online Privacy Protection Act of 1998.’ This act is enforced by the Federal Trade Commission (FTC) that stipulates what online service providers, website operators, and marketers should do to protect minor’s privacy and safety on the web.
Though the act is 20 years old, the need for COPPA compliance has increased over the past few years because of heightened cases of online child abuse and privacy violations.
For example, YouTube received a whopping fine of $170 million in September 2019 for COPPA violations.
Like YouTube, Google has also faced pressure from privacy regulators. In March 2020, the search engine was fined $1.7 billion by the European Commission for collecting personal information from minors.
The primary goal of COPPA is to ensure parents have control over the information that websites are collecting from their children. The rule protects children who are under 13, and applies to operators of online services and commercial websites that collect, disclose, or use visitor data to serve targeted advertising.
The term ‘online services’ covers any service available over the web that allows users to connect to a wide-area network. For example, services that allow users to engage in social networking activities, receive online advertisements, play network-connected games, and interact with any online content.
More examples include smart speakers, VOIP services, voice assistants, and Internet-enabled-location-based services.
*COPPA’s scope of applicability is limited to US-based audiences. It applies to websites and online services that collect data from children in the US, irrespective of where they’re operating from.
According to the federal trade commission’s guidelines, personal information include:
Section 312.5 of FTC’s COPPA guidelines deals with parental consent. Any website or online service shall obtain parental content before gathering, storing, processing, or disclosing any personal information belonging to a child.
The act recommends all child-directed operators to also verify parental consent through technology-based solutions. FTC recommends following ways for ensuring verifiable consent from parents:
If an online service provider or operator is unable to obtain parental consent, the act restricts them from collecting any personal information from children under section 312.7.
The ad tech industry is obligated to comply with COPPA regulations. Irrespective of the role an advertising technology company plays in ad serving or content creation, they must adhere to kid’s data privacy laws if their online services are child-directed.
Any online service, app, website, or device that is targeted to appeal to children, then it is considered child-directed. Hence, if an ad-tech company obtains data from under-13 users by offering child-directed services, then they must abide by COPPA.
The act also applies to third parties in the digital advertising ecosystem. If the ad tech agencies or third parties have knowledge that they’re collecting personal data from users of another online services or website, they’ll be subjected to COPPA regulations.
Time needed: 5 minutes.
The Federal Trade Commission has listed a few steps that publishers or advertisers can take to ensure COPPA compliance. These steps include:
Publishers or ad tech companies can use different age verification techniques to identify the ages of their users. If their audience base is 13+, they don’t need to worry about COPPA compliance.
i. COPPA only applies to websites that:
ii. Serve content or ads to under 13 users and collect their data
iii. Do not have age-restriction filter for a new sign up
iv. Have an external plugin that collects information specifically from the children
If your content or ads cater to kids under the age to 13, your website should have all the information about the personal data that’s being collected from online users. For example:
i. Manner of data collection
ii. Type of personal data that you store
iii. Information about third parties or sources that are processes user’s personal data
iv. The policy must have a clearly visible section on parent’s rights on their children’s personal data.
Before gathering personal data from children, operators or publishers must give a clear notice to parents and request for their consent. They should be informed about:
i. Why the website is seeking their child’s personal information
iii. What information has been collected and where they’ll be used
iv. Whether you’ll be disclosing the information to third party sources
This notice should also mention ways through which parents can give their consent. COPPA also asks online operators to delete user information if parents do not give consent in a reasonable amount of time.
COPPA also asks the operators to verify parental consent that they’ve taken. The FTC website doesn’t mention any specific method for obtaining verifiable parental consent. But here are few acceptable methods:
i. Parents can sign an online consent form and send it back to the operator or company through email or postal service
ii. A toll free number can be made available for parents to give their consent to trained professionals
iii. Parents can provide any government ID
iv. Websites can use facial recognition technology to verify consent
i. New verification methods for parental consent
ii. Information on rights related to personal data
iii. How and where parents can review their information website has collected about their child
iv. How parents can revoke the parental consent
COPPA asks website operators to implement sufficient security measures on their site. It recommends them to not retain data for a longer period of time, and also restricts sharing of information with third-parties that are capable of maintaining confidentiality of such information.
COPPA has turned into a strict legislation that comprehensively addresses issues related to children’s privacy. It ensures that online operators follow acceptable privacy and security standards.
Over the last few years, FTC has hit many major operators with hefty fines for violating COPPA requirements. FTC has also passed many guidelines that have changed how companies gather and process personal information of children.
For detailed information on COPPA visit www.ftc.gov.