What is the Children’s Online Privacy Protection Act?

The Children's Online Privacy Protection Act protects personal data about children from being collected online.

The Children’s Online Privacy Protection Act (COPPA) is a United States federal law that became effective in 2000. The act applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online including restrictions on the marketing to those under 13 years of age.

An Overview of COPPA

The Federal Trade Commission (FTC) has the authority to issue regulations and enforce COPPA. In September 2011, the FTC announced proposed revisions to the COPPA rules, the first significant changes to the Act since its rules were issued in 2000. The proposed rule changes expand the definition of what it means to collect data from children. The new rules would also present a data retention and deletion requirement, which would mandate that data that is obtained from children is only kept for time necessary to achieve the purpose that it was collected. The second rule change adds the requirement that operators ensure that any third parties to whom a child’s information is disclosed have reasonable procedures in place to protect the information.

The Act applies to websites and online services either operated for commercial purposes that are directed to children under 13 or have actual knowledge that children under 13 are providing information online. Most recognized non-profit organizations are exempt from most of the requirements of COPPA.

Significant Court Cases Interpreting COPPA

The FTC has brought a number of actions against website operators for failure to comply with COPPA requirements. The website Xanga was fined one million for COPPA violations, for repeatedly allowing children under 13 to sign up for the service without getting their parent’s consent. The Supreme Court held in FTC v. California Dental Association (1999) that non-profits that operated for the benefit of their members’ commercial activities are subject to FTC regulation and consequently COPPA.

What are Civil or Criminal Remedies for a Violation of COPPA?

There are no criminal penalties for a violation of COPPA. The FTC may bring an action if:

• A site misleads consumers and
• Affects consumers’ behavior or decisions about the product or service.

Specifically, it is a deceptive practice to represent that a Web site is collecting personal identifying information from a child for one reason when the information will be used for another reason. Punishments include injunctive relief and fines.

What are Defenses to a Violation of COPPA?

The regulations include several exceptions that allow operators to collect a child’s email address without getting the parent’s consent in advance. These exceptions cover many popular online activities for kids, including contests, online newsletters, homework help, and electronic postcards.

The law concerning the COPPA is complex. If you believe that you are a victim of a violation of the COPPA or are a business that needs assistance complying with COPPA regulations, then contact the experienced attorneys at Meyers Roman Friedberg & Lewis, LPA to evaluate your matter. Call today to find out more information at (216) 831-0042.