(This post is part one of a three-part series. Part two: “FTC strengthens law protecting children’s personal information." Par three: "FTC issues long-awaited revisions to COPPA rules.")
Now that one-year-olds have mastered iPads, it’s clear that children will be interacting with the Internet more and more — and at a younger age.
Back in the late 1990s, the federal government demonstrated remarkable prescience about this technological shift and created strict rules that govern the information websites collect on underage users. It’s because of that law, the Children’s Online Privacy Protection Act (COPPA), that so many sweepstakes and contests exclude children under the age of 13.
COPPA went into effect in April 2000. The law is designed to give parents control over the information that is collected online from their children. However, the rule applies only to children who are under the age of 13. It covers all operators of commercial websites and online services directed at children under 13 that “collect, use, or disclose personal information from children.” The rule also applies to operators of general-audience websites and online services if they have actual knowledge that they are obtaining, using or disclosing personal information from children under 13.
The rule contains a number of specific requirements. For example, operators covered by the rule must:
- Create a comprehensive privacy policy that clearly describes how they handle children’s personal information and post this policy on their website;
- Notify parents and obtain “verifiable parental consent” before collecting information from children, subject to several so-called “email” exceptions that allow an operator to obtain parents’ consent via email in certain situations;
- Offer parents the option of consenting to the operator collecting and internally using the child’s information while at the same time prohibiting the operator from disclosing their child’s information to third parties;
- Allow parents to access their child’s collected personal information as well as the right to review the information and have it deleted;
- Give parents the opportunity to prevent the further use or collection of their child’s personal information online; and
- Protect the confidentiality, security, and integrity of information collected from children under the age of 13.
COPPA also bars operators from forcing children to provide more information than is reasonably necessary before allowing them to participate in online activities.
The Federal Trade Commission aggressively enforces the COPPA Rule; violators can be fined up to $11,000 per violation. In addition, states and certain other federal agencies, such as the Department of Transportation, have the authority to enforce COPPA as it pertains to their jurisdictions.
Because of the complications and expense of complying with the COPPA requirements and the risk of large fines for even an inadvertent failure to comply, it’s not surprising that many sponsors of sweepstakes and contests decide to exclude participation by persons under 13.
The FTC is currently in the process of amending the COPPA Rules in an effort to keep the regulation up to-date with the technological developments and increased usage of the Internet by children that have occurred since 2000. The second article in this series will discuss the FTC’s proposed amendments.
This post was written by retired Thompson Coburn partner Dale Joerling. If you have any questions about the topics discussed in this post, please contact Thompson Coburn partner Hap Burke.