               Legal Landscape
Recent Posts
Recent Comments
Most Commented On
ArchivesBlog
Link This | Email this | Blog This | Comments (0)
Does your website collect information from children under the age of 13?June 29, 2007Perhaps you aren’t doing so deliberately. But if your website collects date of birth information as part of a user registration process or otherwise, and you don’t take affirmative steps to screen out users under the age of 13, then you are required to comply with the federal Children’s Online Privacy Protection Act (COPPA). COPPA compliance basics COPPA applies to operators of websites and online services that either (1) are directed to children under thirteen or (2) have actual knowledge that such children are providing information through the website. If you are collecting date of birth information, then you are considered to have the requisite actual knowledge of the age of users from whom you are collecting that information, including children. If either of the two stated conditions is present, then the you must: "Directed to children" The FTC makes the determination of whether a website is “direct to children” on a case-by-case basis. In some cases it will be obvious that a website or online service is "directed to children," such as a website that promotes a children's book or a children's television program. The FTC, which enforces COPPA, brought an enforcement action against a record company whose artists' promotional websites included one for child rapper "Lil' Romeo," who was then only 12 himself. The website offered games and music aimed at elementary school age children. Other enforcement actions have been brought against Mrs. Field's Cookies, for a website that offered birthday clubs for children 12 or under and provided birthday greetings and coupons for free cookies or pretzels. Also, last year, the FTC, as part of a settlement, a social networking site agreed to a $1 million civil penalty after allegations that it collected, used, and disclosed personal information from children under the age of 13 without first notifying parents and obtaining their consent. Verifiable parental consent The type of “verifiable parental consent” required for COPPA compliance is based on a "sliding scale" according to the use to which the information will be put. Internal Use Only - Websites that collect personal information from children under 13 and only use the information for internal purposes may obtain parental consent through e-mail; provided, the operator takes additional steps to confirm the parent’s identity. For example, this might include a delayed confirmatory e-mail to the parent, or a follow-up letter or telephone call. Disclosure to Third Parties - For activities that will allow personal information obtained from children under 13 to appear in public areas of a website such as chat rooms and message boards, and/or where the operator will disclose such information to third parties, the following methods of obtaining parental consent are required: * A consent form that may be printed out and returned by postal mail or fax (known as "print-and-send"); Less burdensome methods of obtaining parental notice and/or consent are provided where information collected from children will only be used for a one-time specified purpose or for a specific repeated purpose. In addition, these site operators must provide for the secure maintenance of the collected information, and not condition a child’s participation in an activity on the child’s disclosure of more personal information than is reasonably necessary under the circumstance. The FTC makes COPPA compliance information available on its website. Posted by Jeff Neuburger on June 29, 2007 | Comments (0)
Advertisement
|
Advertisements
|
SPONSORED LINKS |
|
