World Library  
Flag as Inappropriate
Email this Article
 

Children's Online Privacy Protection Act

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law, located at 15 U.S.C. §§ 6501–6506 (Pub.L. 105–277, 112 Stat. 2681-728, enacted October 21, 1998).

The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites altogether disallow underage children from using their services due to the amount of cash and work involved in the law compliance.[1]

Contents

  • Background 1
  • Violations 2
  • Compliance 3
  • International scope 4
  • Criticisms 5
  • See also 6
  • References 7
  • External links 8

Background

The Federal Trade Commission (FTC) has the authority to issue regulations and enforce COPPA. Also under the terms of COPPA, the FTC designated "safe harbor" provision is designed to encourage increased industry self-regulation. Under this provision, industry groups and others may request Commission approval of self-regulatory guidelines to govern participants' compliance, such that website operators in Commission-approved programs would first be subject to the disciplinary procedures of the safe harbor program in lieu of FTC enforcement. As of 17 May 2013, the FTC has granted safe harbor to five companies: Aristotle, Inc., PRIVO, TRUSTe, ESRB, and CARU.[2]

In September 2011, the FTC announced proposed revisions to the COPPA rules, the first significant changes to the Act since its rules were issued in 2000. The proposed rule changes expand the definition of what it means to "collect" data from children. The new rules would also present a data retention and deletion requirement, which would mandate that data that is obtained from children is only kept for the amount of time necessary to achieve the purpose that it was collected for and also add the requirement that operators ensure that any third parties to whom a child's information is disclosed have reasonable procedures in place to protect the information.[3]

The Act applies to websites and online services operated for commercial purposes that are either directed to children under 13 or have actual knowledge that children under 13 are providing information online. Most recognized non-profit organizations are exempt from most of the requirements of COPPA.[4] However, the Supreme Court ruled that non-profits operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently also COPPA.[5] The type of "verifiable parental consent" that is required before collecting and using information provided by children under 13 is based upon a "sliding scale" set forth in a Federal Trade Commission regulation[6] that takes into account the manner in which the information is being collected and the uses to which the information will be put.

Violations

The FTC has brought a number of actions against website operators for failure to comply with COPPA requirements, including actions against Girl's Life, Inc.,[7] American Pop Corn Company,[8] Lisa Frank, Inc.,[9] Mrs. Field's Cookies, and Hershey Foods.[10] In September 2006, the FTC levied substantial fines on several enterprises for COPPA violations. The website Xanga was fined US$1 million for COPPA violations, for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent.[11] Similarly, UMG Recordings, Inc. was fined US$400,000 for COPPA violations in connection with a Web site that promoted the then 13-year-old pop star Lil' Romeo, and hosted child-oriented games and activities, and Bonzi Software, which offered downloads of an animated figure "BonziBuddy" that provided shopping advice, jokes, and trivia was fined US$75,000 for COPPA violations.[12]

Other websites that were directed to children and shut down due to COPPA were: Kidswirl,[13] Skid-e-Kids,[14] and Imbee.[15]

Compliance

In December 2012, the

  • Children's Online Privacy Protection Act (COPPA) of 1998, via Federal Trade Commission
  • 16 C.F.R. Part 312, the FTC's Children's Online Privacy Protection Rule, via Government Printing Office
  • Six Step Compliance Plan for Your Business via Federal Trade Commission, Business Center
  • Kidz Privacy site, via Federal Trade Commission
  • FTC FAQ on COPPA compliance, via Federal Trade Commission
  • COPPA.org
  • Cybertelecom :: COPPA Information on COPPA regulatory developments
  • FTC Strengthens Kids’ Privacy, Gives Parents Greater Control Over Their Information By Amending Children’s Online Privacy Protection Rule, via FTC

External links

  1. ^ "Children'S Online Privacy Protection Act (COPPA)". Inc.com. 
  2. ^ "Safe Harbor Program". Federal Trade Commission. Retrieved 17 May 2013. 
  3. ^ "FTC Will Propose Broader Children's Online Privacy Safeguards".  
  4. ^ COPPA section 1302(2)(B)
  5. ^ "FTC v. California Dental Association, 526 U.S. 756 (1999)".  
  6. ^ http://www.ftc.gov/os/1999/10/64fr59888.pdf
  7. ^ "Girls Life, Inc". Federal Trade Commission. 2011-06-24. Retrieved 2012-07-07. 
  8. ^ "Jolly Time". Federal Trade Commission. 2011-06-24. Retrieved 2012-07-07. 
  9. ^ "Lisa Frank, Inc". Federal Trade Commission. 2011-06-24. Retrieved 2012-07-07. 
  10. ^ http://www.ftc.gov/opa/2003/02/hersheyfield.shtm
  11. ^ "FTC fines Xanga for violating kids' privacy - $1 million penalty against social networking site is largest under 1998 law", September 7, 2006
  12. ^ "UMG Recordings, Inc. to Pay $400,000, Bonzi Software, Inc. To Pay $75,000 to Settle COPPA Civil Penalty Charges". Federal Trade Commission. Retrieved 2012-07-07. 
  13. ^ "FTC Letter to Toby Clark, Kidswirl". Federal Trade Commission. 
  14. ^ "Operator of Social Networking Website for Kids Settles FTC Charges Site Collected Kids Personal Information Without Parental Consent". Federal Trade Commission. 
  15. ^ "Imbee.com Settles FTC Charges Social Networking Site for Kids Violated the Children's Online Privacy Protection Act; Settlement Includes $130,000 Civil Penalty". Federal Trade Commission. Retrieved 30 September 2014. 
  16. ^ Percival IV, Lynn C.; Elizabeth H. Johnson; Poyner Spruill LLP (July 1, 2013). "New Children’s Online Privacy Protection Act (COPPA) Rule Now In Effect". The National Law Review. Retrieved 7 July 2013. 
  17. ^ Larose, Cynthia J.; Julia M. Siripurapu; Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. (June 28, 2013). "Guide to Compliance with the Amended Children’s Online Privacy Protection Act (COPPA) Rule". The National Law Review. Retrieved 7 July 2013. 
  18. ^ Larose, Cynthia J. "Amended Children’s Online Privacy Protection Act (COPPA) Rule Compliance Deadline Approaching". Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Retrieved 7 July 2013. 
  19. ^ "Children's Online Privacy Protection Rule: Not Just for Kids' Sites". Federal Trade Commission. Retrieved 7 July 2013. 
  20. ^ "FTC Strengthens Kids’ Privacy, Gives Parents Greater Control Over Their Information By Amending Children’s Online Privacy Protection Rule". Federal Trade Commission. Retrieved 7 July 2013. 
  21. ^ Percival IV, Lynn C.; Elizabeth H. Johnson; Poyner Spruill LLP (July 1, 2013). "New Children’s Online Privacy Protection Act (COPPA) Rule Now In Effect". The National Law Review. Retrieved 7 July 2013. 
  22. ^ "FTC Strengthens Kids’ Privacy, Gives Parents Greater Control Over Their Information By Amending Children’s Online Privacy Protection Rule". Federal Trade Commission. Retrieved 7 July 2013. 
  23. ^ Larose, Cynthia J.; Julia M. Siripurapu; Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. (June 28, 2013). "Guide to Compliance with the Amended Children’s Online Privacy Protection Act (COPPA) Rule". The National Law Review. Retrieved 7 July 2013. 
  24. ^ "FTC FAQ on COPPA. See, also, the COPPA Rule's definition of an "operator", which includes foreign websites that are involved in commerce in the United States or its territories. FTC Final Rule, Children's Online Privacy Protection Rule, 16 C.F.R. Part 312". Ftc.gov. Retrieved 2012-07-07. 
  25. ^ "Gaijin Entertainment (Russian company located in Russia under Russian jurisdiction) terms of service includes blocking children under 13". 
  26. ^ "DeviantArt's COPPA policy". 
  27. ^ "Northwestern Journal of Law & Social Policy | Vol 5 | Iss 2". Law.northwestern.edu. 2010-08-19. Retrieved 2012-07-07. 
  28. ^ http://www.assertid.com/coppa/parents/
  29. ^ "Parental Notification, the FTC and Kids Apps: What’s COPPA all about?". Retrieved 30 September 2014. 
  30. ^ "FTC's COPPA complying FAQ". 
  31. ^ "COPPA is bullshit.". Retrieved 30 September 2014. 
  32. ^ "How to Identify a Pedophile". wikiHow. Retrieved 30 September 2014. 
  33. ^ Lev-Ram, Michal (May 20, 2011). "Zuckerberg: Kids under 13 should be allowed on Facebook". Fortune. 

References

See also

Mark Zuckerberg, co-founder and CEO of Facebook, has expressed opposition to COPPA and stated "That will be a fight we take on at some point. My philosophy is that for education you need to start at a really, really young age."[33]

Sometimes people state that the law was made to protect children from pedophiles, however COPPA has no statements regarding Internet pedophilia. In addition, it's very hard to recognize an actual pedophile even in the physical world, and that kids actually know who was abusing them.[32]

COPPA is highly controversial and has been criticized as ineffective and potentially unconstitutional by many people.[27] They say it attacks children's rights to freedom of speech and self-expression. Delays in obtaining parental consent often result in children moving on to other activities that are less appropriate for their age. In addition, age restrictions and the "parental consent" process is easy for children to circumvent.[28] The law has also many safety flaws - for example it does not protect kids from being advertised to,[29] it does not prevent kids from accessing Common Sense Media, etc.), not government, are responsible for protecting children online.

Criticisms

However, the law caused huge international impact, so that even websites which are not either under US jurisdiction, or which servers or headquarters are not located into US, started blocking children under 13,[25] even giving up parental consent.[26] Staff of these websites explain their child blocking implementation by common sense of children - that they don't have enough common sense, or they can't make their own decisions. They compare the website accounts to documents like driver's license, National ID card (or a passport) etc.

  • by websites under US jurisdiction
  • by websites which servers are hosted in US
  • by websites which headquarters are located in the US territory.
  • by commercial websites.[24]

This is an American law, however, the Federal Trade Commission has made it clear that the requirements of COPPA will apply to foreign-operated web sites if such sites "are directed to children in the U.S. or knowingly collect information from children in the U.S." Since the law is US federal, it's applicable only to websites that run:

International scope

In the changes effective July 1, 2013, the definition of an operator has been updated to make clear that COPPA covers a child-directed site or service that integrates outside services, such as plug-ins or advertising networks, that collect personal information from its visitors.[20] The definition of a website or online service directed to children is expanded to include plug-ins or ad networks that have actual knowledge that they are collecting personal information through a child-directed website or online service. Websites and services that target children as a secondary audience may differentiate among users, and are required to provide notice and obtain parental consent only for those users who identify themselves as being younger than 13.[21] The definition of personal information requiring parental notice and consent before collection now includes “persistent identifiers” that can be used to recognize users over time and across different websites or online services. However, no parental notice and consent is required when an operator collects a persistent identifier for the sole purpose of supporting the website or online service’s internal operations.[22] The definition of personal information after July 1, 2013, also includes geolocation information, as well as photos, videos, and audio files that contain a child’s image or voice.[23]

According to a notice issued by the Federal Trade Commission an operator has actual knowledge of a user’s age if the site or service asks for – and receives – information from the user that allows it to determine the person’s age.[19] An example cited by the FTC includes, an operator who asks for a date of birth on a site’s registration page has actual knowledge as defined by COPPA if a user responds with a year that suggests they’re under 13. Another example cited by the FTC that an operator may have actual knowledge based on answers to “age identifying” questions like “What grade are you in?” or “What type of school do you go to? (a) elementary; (b) middle; (c) high school; (d) college.”

  • Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
  • Operators are prohibited from conditioning a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.[18]
  • Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from persons under age 13;
  • Make reasonable efforts (taking into account available technology) to provide direct notice to parents of the operator’s practices with regard to the collection, use, or disclosure of personal information from persons under 13, including notice of any material change to such practices to which the parents has previously consented;
  • Obtain verifiable parental consent, with limited exceptions, prior to any collection, use, and/or disclosure of personal information from persons under age 13;
  • Provide a reasonable means for a parent to review the personal information collected from their child and to refuse to permit its further use or maintenance;
  • Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected from children under age 13, including by taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security; and

[17] After July 1, 2013, operators must:[16]

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.