The Federal Trade Commission has issued some “Frequently Asked Questions” about the Children’s Online Privacy Protection Act (COPPA) based on amended rules that go into effect on July 1st. Click here to see the FAQ.
“The primary goal of COPPA,” wrote the FTC in the FAQ, “is to place parents in control over what information is collected from their young children (under 13) online.”
The Rule, according to the agency, “applies to operators of commercial Web sites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience Web sites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.”
The document covers issues including COPPA enforcement, privacy policies and notifications, geolocation data, verifiable parental consent and COPPA in schools.
Operators covered by the Rule must:
- Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
- Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
- Provide parents access to their child’s personal information to review and/or have the information deleted;
- Give parents the opportunity to prevent further use or online collection of a child’s personal information;
- Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
- Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
(Source: Federal Trade Commission)
COPPA Not a panacea
It’s important for parents to understand that COPPA is about keeping children from providing personally identifiable information to commercial sites, but not about online safety. COPPA compliance in no way means that the site is safe or appropriate for young children.
Also, age determination is based on what date of birth the user enters. If children lie about their, the sites is not responsible to verify their age nor is there any magic technology that can determine a users actual age.
Sites, apps and services that are aimed at a general audience are not required to ask people their age so parents should not be lurred into a false sense of security that their children are “protected” in all situations.
Parents help kids lie about their age
One consequence of COPPA is that some sites, including Facebook and many other social networking services, ban children under 13. Yet many children get on them anyway. This isn’t necessarily dangerous but does violate the intention of COPPA.
A study conducted in 2011 found that millions of children under 13 access Facebook by entering in a false date of birth, many with help from their parents. Nearby a fifth (19 percent) of the parents of 10-year-olds acknowledged that their child was on Facebook. About a third (32 percent) of parents of 11-year-olds knew their kid was on it. And the same was true for more than half (55 percent) of parents of 12-year-olds. Each of these kids had to lie to get an account.
For kids who were under 13 at the time they signed up, 68 percent of the parents “indicated that they helped their child create the account.” Among 10-year-olds on Facebook, a whopping 95 percent of parents were aware their kids were using the service and 78 percent helped create the account.
Since many under-13 children are on sites like Facebook, it’s important for parents to talk with their kids about appropriate use of these services, even if they are under the required age. That isn’t to suggest that we should condone kids lying about their age, but we need to be realistic and do what we can to be sure that kids understand how to protect their own privacy and reputations when using these services.
Complying with COPPA: Frequently Asked Questions (from the FTC)