What Does Children’s Online Privacy Protection Act of 1998 Mean?
The Children’s Online Privacy Protection Act of 1998 (COPPA) is a federal law that prohibits websites from knowingly collecting and maintaining the online information and privacy of children under the age of 13. COPPA gives parents control of information collected from their children online. The law was enacted on October 21, 1998 and became effective April 21, 2000. COPPA violations are subject to civil penalties (up to $11,000 for each violation).
On December 19, 2012, the FTC introduced changes and updates to COPPA in the wake of the December 14 shootings at Sandy Hook Elementary School in Newtown, Connecticut.
Techopedia Explains Children’s Online Privacy Protection Act of 1998
Historically, COPPA defined the Internet of 1998, which did not include current information collection practices and technologies, such as Web advertising, mobile Web, geolocation and photos/images. The FTC’s revisions will affect the way that children use smartphones and applications (apps).
COPPA applies to any online collected data about children, including a child’s name, address, phone number and email address, and covers other types of data tied to a child’s personal information, like interests, hobbies or data derived from cookies or other tracking mechanisms.
The Federal Trade Commission (FTC) enforces oversight and compliance of the COPPA law and rule, which applies to the following:
- Commercial websites or online services geared toward children under 13 that collect personal information from children. The FTC considers factors like audio/visual content, subject matter, advertising, site model age and language.
- Websites or online services geared toward a general audience with knowledge of the collection of personal information from children. The FTC considers the website owner, who pays for data collection and maintenance, preexisting contractual relationships connected with the data and information and the role of a website in information collection.
Per COPPA, websites that fall under either category must do the following:
- Allow parents to secure parental permission before data is collected
- Allow parents to choose to consent to the website’s collection and use of children’s information. However, this data may not be disclosed to third parties.
- Allow parents to access their child’s personal data for review and/or information deletion
- Allow parents to prevent continued online collection or use of personal information
- Maintain the security, integrity and confidentiality of information collected from children