In this episode, we discuss the Children’s Online Privacy Protection Act (COPPA). It’s not nearly as boring as it sounds!
– A project Fred’s been working on for drip7 – Heather Stratford, Episode 61
– What is COPPA?
– Children’s Online Privacy Protection Act (COPPA) in 1998
– COPPA required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. The Commission’s original COPPA Rule became effective on April 21, 2000
– The FTC has an excellent and detailed FAQ: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions–0
– What is it designed to do?
– The primary goal of COPPA is to place parents in control over what information is collected from their young children online.
– The Rule was designed to protect children under age 13, while accounting for the dynamic nature of the Internet.
– The Rule applies to operators of commercial websites and online services (including mobile apps and IoT devices, such as smart toys) directed to children under 13 that collect, use, or disclose personal information from children, or on whose behalf such information is collected or maintained (such as when personal information is collected by an ad network to serve targeted advertising).
– It applies not only to U.S. operators but to foreign ones as well
– Does COPPA help to limit child access to inappropriate content?
– No. COPPA is not designed to prevent child access to any content online. Its only purpose is to regulate the collection of information from children under the age of 13.
– What “personal information” is protected under COPPA?
– First and last name;
– A home or other physical address including street name and name of a city or town;
– Online contact information;
– A screen or user name that functions as online contact information;
– A telephone number;
– A Social Security number;
– A persistent identifier that can be used to recognize a user over time and across different websites or online services;
– A photograph, video, or audio file, where such file contains a child’s image or voice;
– Geolocation information sufficient to identify street name and name of a city or town; or
– Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described above.
– What rights do parents have under COPPA?
– If a company, web site, or service is covered by COPPA, it must adhere to the following requirements:
– Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;
– Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children [under the age of 13];
– Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
– Provide parents access to their child’s personal information to review and/or have the information deleted;
– Give parents the opportunity to prevent further use or online collection of a child’s personal information;
– Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security;
– Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use; and
– Not condition a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.
– Recent News
– #2021–08–29 Angry Birds maker sued for allegedly violating child privacy
https://appleinsider.com/articles/21/08/29/angry-birds-maker-sued-by-new-mexico-for-allegedly-violating-coppa
– New Mexico’s attorney general Hector Balderas alleges that Rovio Entertainment has been collecting and selling the personal data of children under the age of 13
– Balderas also alleges “aggressive targeting” of underage children “through the sale of in-game goods, out-of-game media, and merchandise.”
– Allegation that Revio surreptitiously “exfiltrates” the personal information of children and then sells it.
– #2021–08–10 Google will add privacy steps for teenagers on its search engine and YouTube.
https://www.nytimes.com/2021/08/10/business/google-youtube-teenagers-privacy.html
– #2021–07–08 FTC settles with app for violating COPPA
https://www.lexology.com/library/detail.aspx?g=d6c81d0a-d363–4f3e-a5fa–455a3fd83e55
– #2021–07–01 Online Coloring Book App Recolor Settles FTC Allegations It Illegally Collected Kids’ Personal Information
https://www.ftc.gov/news-events/press-releases/2021/07/online-coloring-book-app-recolor-settles-ftc-allegations-it
– #2021–03–18 Facebook is working on a version of Instagram for kids under 13
https://www.theverge.com/2021/3/18/22338911/facebook-instagram-kids-privacy-coppa
– #2020–07–27 COVID–19 and COPPA: Children’s Internet Privacy in a New, Remote World
https://www.natlawreview.com/article/covid–19-and-coppa-children-s-internet-privacy-new-remote-world
– #2019–12–18 Parents Sue TikTok for COPPA Violations, Settle for $1.1M
https://www.jdsupra.com/legalnews/parents-sue-tiktok-for-coppa-violations–67961/
– Possible class action against Musical.ly (creator of TikTok) and ByteDance (current owner)
– Allegations that defendants “failed to deploy appropriate safeguards,”
– #2017–07–28 COPPA and Schools: The (Other) Federal Student Privacy Law, Explained
https://www.edweek.org/technology/coppa-and-schools-the-other-federal-student-privacy-law-explained/2017/07