Term: COPPA (Children’s Online Privacy Protection Act)
COPPA is a US federal law designed to protect children’s privacy online by imposing specific requirements on operators of websites and online services.
What is COPPA?
The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their children.
The COPPA was passed in the 1990s to address the growth of online marketing techniques targeting children. Various websites were collecting personal information without parents’ knowledge or consent.
What is required under COPPA?
According to the FTC, COPPA applies to operators of commercial websites and online services (including mobile apps and IoT devices, such as smart toys) directed at children under 13 that collect, use, or disclose personal information from children, or those who collect, use, or disclose such information on their behalf (such as ad networks that utilize personal information to deliver targeted advertisements).
Covered operators must:
- Publish a clear and comprehensive online privacy policy describing how children’s personal information is handled;
- Children’s personal information should be collected only with their parents’ consent, with limited exceptions;
- The operator should be permitted to collect and use a child’s information internally, but cannot disclose that information to third parties (unless the disclosure is integral to the service or site, which must be clearly explained to parents);
- Allow parents to review and/or delete their child’s personal information;
- Allow parents to prevent further use or online collection of their children’s information;
- Protect the confidentiality, security, and integrity of information they collect from children, including by releasing it only to parties that can maintain its confidentiality and security;
- Data collected online about children should be kept only as long as is necessary to fulfill their purpose, then deleted using reasonable measures to prevent unauthorized access or use;
- Do not require a child to provide more information than is reasonably necessary to participate in an online activity.