Any website or app, which is directed at children younger than 13, must comply with U.S. Federal Trade Commission (FTC) guidelines about collecting personal information. If the site or app collects personal information, it must first obtain written permission from a parent, according to the Children’s Online Privacy Protection Act (COPPA). This is not merely a “check the box to accept” situation. Parents must also be notified about how the information will be used. If the child is accessing the website through school, the school could obtain the parent permission on behalf of the website. Under COPPA, “personal information” could be any combination of information that may identify a child, such as first and last name together, Social Security number, phone number or geolocation. For example, if a child uses a cellphone to access the app and the site collects that data, the COPPA requirements come into effect. The trigger is the collection of the information. Many sites not directed to children specifically list in privacy policies that the sites are not for children younger than 13. A site that is purposely for children should be sure not to collect information or should have a complete and compliant COPPA policy. A site could have some limited reasons for collecting information about children, such as to analyze the functioning of the site or for personalizing content. Currently, only FTC can enforce COPPA, which it has done against small and large companies alike. There is not yet a private cause of action although some “trolls” are attempting to file class action suits. Congress is considering amendments to COPPA and creating a possible private cause of action.
Ned T. Himmelrich
410-576-4171 • email@example.com