Children's Online Privacy Protection Act (COPPA) — December 2012 Expansion of the Rule

Applicability in the Camp Community

Federal Trade Commission Issues New Updates — December 19, 2012
Some camp websites not previously included in the rule, many now be subject to COPPA:
Access the details.
Read
the statement of FTC Chairman Jon Leibowitz.

Congress enacted the Children’s Online Privacy Protection Act (COPPA)  in 1998. COPPA contains a requirement that the Federal Trade Commission (FTC or Commission) issue and enforce a rule concerning children’s online privacy, which the Commission did in 1999. The Children’s Online Privacy Protection Rule became effective on April 21, 2000.

The primary goal of COPPA and the Rule is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13. The Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.

Applicability

COPPA applies to websites or online services that are “directed to children.” What determines whether or not a website or online service is directed to children?  The Rule sets out a number of factors for determining whether a website is directed to children, such as whether its subject matter and language are child-oriented, whether it uses animated characters, or whether advertising appearing on the website is directed to children. The Commission will also consider empirical evidence regarding the actual and intended ages of the website’s visitors.  December 19, 2012 - Expansion of the definition: The definition of an operator has been updated to make clear that the Rule covers a child-directed site or service that integrates outside services, such as plug-ins or advertising networks, that collect personal information from its visitors. 

COPPA applies to personal information collected online from children by websites and online services located on the Internet.  COPPA does not apply to information collected from adults.

Need help determining how this law applies to your organization?  Call the FTC Help line at:
877-FTC-HELP, or email them at COPPAHotLine@FTC.gov.

Details

Operators of websites included in the rule must:

  • Post a clear and comprehensive privacy policy on their website describing their information practices for children’s personal information.
  • Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children.
  • Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties.
  • Provide parents access to their child’s personal information to review and/or have the information deleted.
  • Give parents the opportunity to prevent further use or online collection of a child’s personal information.
  • Maintain the confidentiality, security, and integrity of information they collect from children.
  • In addition, the Rule prohibits operators from conditioning a child’s participation in an online activity on the child’s providing more information than is reasonably necessary to participate in that activity.
  • December 2012 Update: "Personal information" now also includes geolocation information, as well as photos, videos, and audio files that contain a child’s image or voice. 
     

Resources