Children's Online Privacy Protection Act of 1998 (COPPA)

Historically, COPPA defined the Internet of 1998, which did not include current information collection practices and technologies, such as Web advertising, mobile Web, geolocation and photos/images. The FTC's revisions will affect the way that children use smartphones and applications (apps).

COPPA applies to any online collected data about children, including a child's name, address, phone number and email address, and covers other types of data tied to a child's personal information, like interests, hobbies or data derived from cookies or other tracking mechanisms.

The Federal Trade Commission (FTC) enforces oversight and compliance of the COPPA law and rule, which applies to the following:

• Commercial websites or online services geared toward children under 13 that collect personal information from children. The FTC considers factors like audio/visual content, subject matter, advertising, site model age and language.
• Websites or online services geared toward a general audience with knowledge of the collection of personal information from children. The FTC considers the website owner, who pays for data collection and maintenance, preexisting contractual relationships connected with the data and information and the role of a website in information collection.

Per COPPA, websites that fall under either category must do the following:

• Post a website privacy policy describing its practices related to the collection of the personal information of children
• Allow parents to secure parental permission before data is collected
• Allow parents to choose to consent to the website's collection and use of children's information. However, this data may not be disclosed to third parties.
• Allow parents to access their child’s personal data for review and/or information deletion
• Allow parents to prevent continued online collection or use of personal information
• Maintain the security, integrity and confidentiality of information collected from children