Thursday, January 17, 2013

Children's Online Privacy Protection - COPPA

If you operate a website and have cookies enabled and/or collect information via forms or other methods, you may want to take steps ensure you do not collect any information on children under the age of 13.

Laws, such as the Children's Online Privacy Protection Act (COPPA) have been in place for several years to limit the collection of data from children. The FTC took some time since 2010 to review possible updates to the law.

A list of updates can be found here. Among the updates, you will see:

*Personal information now includes photos, videos and geolocation information (e.g. IP Addresses)
*Website owners are required to ensure third parties that use their website also comply with COPPA
*Website owners must adopt procedures for data retention and deletion

COPPA's main target is operators of websites or online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from children under 13. To the extent you fit this description, you must give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information you collect from children

Unless you ask your end user whether or not their are under the age of 13, this may be difficult in some cases. However, in order to take advantage of 'safe harbor' rules, it is in your best interest to look into age verification methods if you intend to use the data you collect.