COPPA 2.0 compliance is here. Whether your site is ready or not, you need to be asking, enquiring, and doing whatever you can to come up to par with the current regulations. There is a laundry list of provision’s the FTC has put in to place, and on their behalf, have offered reasonable responses and substantial time to comply.
Inversoft has provided a shortened version of the ‘Business and Parents and Small Entity Compliance Guide’.
Please remember, this is merely a simplified reference. For more detailed information refer to the link at the bottom of this page.
Web Sites & Online Services Directed To Children
1. COPPA applies to Web sites or online services that are “directed to children.” What determines whether or not a Web site or online service is directed to children?
Specific factors include: subject matter, visual content, use of child orientated animation or activities, audio/music content, age of models, icons or celebrities that appeal to children, language or other characteristics that is child orientated…
2. I run a child-directed app. I would like to screen users so that I only have to get parental consent from children under age 13, not from everyone who uses the app. May I?
An online site/service directed to children must treat all visitors as children and provide COPPA’s protections to everyone. A children directed site/service may not screen users for age.
An under 13 child directed site/service, including parents and younger teens (those who meet this criteria) may age-screen users if:
- no collection of information is done prior to age verification
- prevents the collection, use, or disclosure of those who identify under the age of 13…
A site/service directed towards children may not prevent children from participating.
3. What evidence would I need to demonstrate whether children under age 13 are or are not the “primary target audience” for my Web site?
As the operator, you should carefully analyze who your intended audience is, the actual audience, and in many instances, the likely audience for your site or service…
Once the site has been up and running for some time, it is in your best interest to re-evaluate the persona of your site and make changes accordingly.
4. I run a site that I believe may fall within the FTC’s sub-category of a Web site directed to children but where it is acceptable to age-screen users. Can I age-screen and completely block users who identify as being under age 13 from participating in any aspect of my site?
If your site falls within the category “Web site or online service directed to children” (link) , you may not block children from participating (even if children are not the primary target audience).
The Rule now permits the use of age screening to filter between children and non-children users. Activities and functions may be different depending on age, but the site may not prohibit participation in a child-directed site/service.
5. I operate an advertising network service. Under what circumstances will I be held to have “actual knowledge” that I have collected personal information directly from users of another Web site or online service directed to children?
Circumstances depend on particular facts when considering if you have acquired “actual knowledge” when collecting personal information of a child-directed site or service.
Please read Statement of Basis and Purpose for more details on the standard of “actual knowledge,” and when it is met.
6. Am I required to inform third parties that my Web site or online service is directed to children? Even if I am not required to do so, how can I do this? If I signal the nature of my site or service, will this protect me from liability under COPPA?
It is not necessary to inform third parties of the child-directed nature of the site/service. Furthermore, even in doing so does not relieve you of the obligations under the Rule.
Under COPPA it is your responsibility: not to collect or allow any other entity to collect personal information from your visitors; or provide notice and obtain prior parental consent before collecting or allowing any entity to collect personal information from your visitors, as well as provide all of the other COPPA protections.
7. I want to run ads on my child-directed Web sites and apps. What do I need to know to make sure that I am complying with COPPA?
Questions you need to find answers to prior to any arrangement when considering ads:
- Can the type of ads be controlled? (e.g., contextual advertising, retargeting, behavioral advertising)
- What type of information will be collected from users on the site/service associated with the ads they are served? (e.g, geolocation, persistent identifiers)
Before you permit advertising, carefully research COPPA and decide from there. “The amended holds those liable for the collection of information that occurs on or through your site/service, even if you do not engage in such collection.”
8. I have no idea what information the third parties whose content I have embedded in my kids’ app might collect from my users. Do I need to know this information?
Yes. It is important to understand each third party’s collection practices and how that correlates with standard practices that require you, the site/service provider to give parents proper notice and obtaining the necessary consent prior to collection of the child’s information.
For information on Websites & Online Services for Children click here.