The Federal Trade Commission (FTC) has established rules for Web site operators to make sure that kids' privacy is protected while they're online. These rules are part of the Children's Online Privacy Protection Act (COPPA).
Anyone that operates a commercial Web site or an online service directed to children under 13 that collects personal information from children or operates a general audience Web site and has actual knowledge that they are collecting personal information from children must comply with the FTC rules.
Directed to Children
To determine whether a Web site is directed to children, the FTC considers several factors, including the subject matter, visual or audio content, the age of models on the site, language, whether advertising on the Web site is directed to children, information regarding the age of the actual or intended audience and whether a site uses animated characters or other child-oriented features.
To determine whether an entity is an "operator" with respect to information collected at a site, the FTC considers who owns and controls the information, who pays for the collection and maintenance of the information, what the pre-existing contractual relationships are in connection with the information and what role the Web site plays in collecting or maintaining the information.
The Children's Online Privacy Protection Act and Rule apply to individually identifiable information about a child that is collected online, such as full name, home address, e-mail address, telephone number or any other information that would allow someone to identify or contact the child.
The Children's Online Privacy Protection Rule requires an operator of a commercial Web site that collects personal information from children to do the following:
- Provide notice to parents about the site's information collection practices and get verifiable parental consent before collecting any information from children
- Give parents an option to consent to the operator's collection and use of the child's personal information but forbid the operator from disclosing the information to third parties
- Permit parents to access their children's personal information and give the parents an opportunity to delete the information
- Provide parents with an opportunity to prevent further collection or use of their children's personal information
- Maintain the confidentiality, security and integrity of all information collected from children
The Rule prohibits an operator from conditioning a child's participation in an activity on the child's disclosure of more personal information than is reasonably necessary for the activity
What Parents Can Do
Read the policy closely to learn the kinds of personal information being collected, how it will be used and whether it will be passed on to third parties. If you find a Web site that doesn't post basic protections for children's personal information, ask for details about their information collection practices.
Decide whether to give consent. Giving consent authorizes the Web site to collect personal information from your child. You can give consent and still say no to having your child's information passed along to a third party.
Your consent isn't necessary if the Web site is collecting your child's email address simply to respond to a one-time request for information.
At any time, you may revoke your consent, refuse to allow an operator to further use or collect your child's personal information and direct the operator to delete the information.
Questions For Your Attorney
- How can I be sure that a Web site operator has deleted my child's personal information after I request it?
- I gave a web site my consent to collect my child's personal information for certain contests and games. I just learned that the site offered to let my child use "chat rooms," but it never asked for my consent. Is this a violation of COPPA?