The Children’s Online Privacy Protect Act of 1998 [“COPPA“] sets forth the requirements business must meet when collecting information online from kids under the age of 13. The law can be complicated, so we’ve put together this introductory guide to get you started.
If you run anything with an online component – website, apps, plugins, etc. – you have a serious problem whether you realize it or not. That problem? Are kids under the age of 13 attracted to or actually using your platform? If so, then you must be COPPA compliant or risk an FTC enforcement action that will bring you to your knees financially and emotionally.
The penalties for violating COPPA are brutal. The FTC can claim damages of up to $40,000 per each child an online operator gathers information from in violation of the law. For example, a site found to have violated the law for 100 kids faces a claim of up to $4,000,000 [$40,000 x 100]. The financial threat is a real problem, not some pie in the sky hypothetical. Playdom, a Disney subsidiary, paid $3,000,000 to settle COPPA claims. The company behind the Path app recently paid $800,000 to settle its COPPA compliance problem.
COPPA violations typically include damage claims in the six figure range. Add legal fees to defend the action, and you could be looking at a huge financial outlay. Put another way, this is a serious topic that demands your full attention.
Law and Regulations
Advocates argue the purpose of COPPA is to protect kids from predators online. It is not. The law in intended to stop marketers from building marketing portfolios of information on children under 13 without the consent of their parents. Other criminal laws exist for dealing with disgusting child predators.
When Congress passed COPPA, it charged the Federal Trade Commission [“FTC”] with enforcing the law and issuing regulations detailing compliance steps to be taken by online operators. The FTC first issued these regulations, known as the “COPPA Rule”, in 2000. The Rule was re-written in 2013.
COPPA also contains a provision allowing states to bring enforcement actions. Only three states have done so to date – New Jersey, Texas and Maryland.
The first step to complying with COPPA is to determine if compliance is even necessary. Your online property must be analyzed to determine if it is “directed at children” or there is evidence of actual knowledge of kids under 13 using the platform. If either of these conditions exist, then a number of legal steps will be required including:
- Possibly altering language on the home, registration or purchase pages of the property,
- Creating a consent form detailing your information collection practices,
- Creating a process for obtaining consent from parents, and
- Creating a storage process for handling parental consent evidence.
To summarize, the COPPA compliance process should proceed as follows:
- Determine if the site is directed at children under age 13,
- If not, determine if there is actual knowledge of children under 13 using the site, and
- If either of the first two provisions are met, prepare a process and paperwork for obtaining verified parental consent.
We analyze websites, apps, and online properties to determine if COPPA compliance is necessary. If it is, we walk you through the steps necessary to establish compliance and provide the necessary documentation. If not, we provide direction and revised site documents that can help minimize the chance of kids under 13 using your site in a manner that will raise the ire of the FTC.
We also provide a second service many online operators are desperate for – answers to your questions on COPPA. There are few, if any, attorneys online who are intimately familiar with this law. We are.
If you’ve made it this far, it is time to take the next step. Contact us today for a free initial consultation.
Richard A. Chapo, Esq.