Does Your Business Understand COPPA Compliance Laws?
If your business operates a website that intends to or does target children as an audience,
it must understand COPPA compliance! Any website that is directed toward children under the
age of 13 or knowingly collects any information from children under 13 will need to comply
with The Children's Online Privacy Protection Act (COPPA). The Act requires that all such websites
obtain verifiable parental consent before collecting, using, or disclosing personal information
COPPA Compliance Is Required If Your Website:
• Contains content directed towards children (or partially directed to children).
Even if your business's website is not directed towards children, if the content contains items
that normally would appeal to children, such as cartoons or animations, you should maintain
COPPA compliance to be safe;
• Contains ads directed towards children;
• Collects any type of information from children.
If any of the above circumstances apply, the required COPPA disclosures must appear on
your website as well. (A checklist of these requirements can be found at coppa.org and you
need to make sure you incorporate each required disclosure.)
Any webpage that has content targeted towards or that attracts children should contain
be "clear and conspicuous" as such term is used under the FTC guidelines. Your business should
be sure to follow those guidelines in your placement of all links and disclaimers on the website
at all times. (As a helpful suggestion, use a larger size font or different color type on a
contrasting background to display the link).
In order to determine whether a website is directed towards children, the FTC considers
several factors, including the subject matter; visual or audio content; the age of models on
the site; language; whether advertising on the website is directed to children; information
regarding the age of the actual or intended audience; and whether a website uses animated characters
or other child-oriented features.
• the name and address of all the operators of the site;
• the kinds of information being collected and how it is being collected;
• how the operator intends to use the information;
• whether the operator provides this information to third parties and information
about those third parties and how they intend to use the information;
• a notice to parents that they have the right to allow the collection of the
information by the operator but not by third parties; and a statement that the parent can
review the child's information and ask to have it deleted.
There are other provisions that must be included in the notice as well, including providing
a written procedure for a notice sent directly to the parents and for the parents to actively
consent, in writing, to the collection of this information prior to the information being collected.
The site operator must notify a parent in the form of an email, postal mail, fax and in other
similar ways set forth in the regulations and the operator must then obtain "verifiable parental
consent" to the entire process.
During an interim period, there are specific regulations about how this consent is to
be obtained based upon how the information is going to be used by your website. If the information
will be made widely available to the public or third-party providers, the more restrictive
the requirements are under COPPA.