
Children’s Online Privacy Protection Act of 1998 (COPPA)

Last Updated : 14 Feb, 2024

COPPA, the Children’s Online Privacy Protection Act of 1998, safeguards children’s online privacy by giving parents control over their children’s personal information. Services directed at children or collecting their data must comply with COPPA requirements, ensuring secure and responsible online interactions for young users.

The Children’s Online Privacy Protection Act of 1998 (COPPA) is a law that places specific requirements on websites and other Internet channels to protect the rights of children under 13 years of age. The act was passed in 1998 and took effect in April 2000. COPPA is administered and enforced by the Federal Trade Commission.


As the internet develops at a rapid pace and more of our world is automated, many doors have opened up in our lives. For children in particular, the increasing opportunities and convenience of new information technology come with fears about security, risk, and privacy. In response to these concerns, the US government enacted COPPA in 1998, and it has become known as landmark legislation. Read on to explore the COPPA compliance checklist, guidelines and rules, what being COPPA compliant means, and how the Act protects children’s identity and privacy.

What Is the Children’s Online Privacy Protection Act? – (COPPA)

The US Children’s Online Privacy Protection Act of 1998 (COPPA) is designed to protect children under the age of 13 in their use of electronic media. COPPA is supervised and administered by the Federal Trade Commission.

COPPA protects the online privacy of children under 13 and applies to all US businesses. Foreign businesses should adhere to this law as well.

COPPA applies to you if:

  • You’re living under US jurisdiction.
  • You’re running the services in the US.
  • You’re operating businesses located in US territory.

Children’s Online Privacy Protection Act Background – COPPA Compliance

Growing public concern, alongside pressure from various child and privacy advocacy groups, added to the push for legislation that would specifically address the privacy rights of children on the Internet.

To remedy these concerns, the U.S. Congress passed COPPA and President Bill Clinton signed it into law on October 21st, 1998. The law was designed to confront the special privacy problems of collecting personal information online from children under 13.

The law also addresses the issues faced by many children and parents due to the rapid growth of the internet in the 1990s. Complaints had been reported of fraud and other crimes taking place after children were asked for personal information.

COPPA Effective Date

COPPA, signed into law in 1998 and active since April 2000, is overseen by the Federal Trade Commission (FTC). The law underwent updates in 2013, incorporating more robust provisions.

What are the Requirements of the Children’s Online Privacy Protection Act?

We’ve simplified the COPPA compliance requirements that businesses need to follow in the sections below.

Children’s Online Privacy Protection Act Compliance

All website operators, online services and mobile apps that obtain sensitive personal information from children under 13 years old should strictly adhere to COPPA. The Act requires websites and online services to meet certain criteria, and all online portals need to follow the COPPA compliance guidelines when collecting personal information from children. These mainly include the following:

  • Parental consent is necessary before initiating the services
  • A verifiable consent is necessary
  • The requestor’s identity should also be verified beforehand.

All online services, Internet-connected toys, and commercial websites dealing with underage children should obey all the rules under the COPPA Act, although many non-profits and charitable organisations are exempt from COPPA under certain specific conditions.

1. Understand Applicability:

  • Determine whether your site, online service, or mobile application is directed at children under 13 or intentionally gathers personal data from such children. If your platform falls under COPPA jurisdiction, ensure that you implement all the necessary safeguards.

2. Create a clear privacy policy:

  • Develop a comprehensive privacy policy that clearly explains your data collection processes, how the gathered information is used, and the measures taken to safeguard children’s privacy. Make this policy easily accessible on your platform.

3. Get Verifiable Parental Consent:

  • Before gathering personal data from a child, get verifiable parental consent through methods such as email confirmation, a signed form, or a video call. Ensure that the consent process is easy to understand and use.

4. Provide parents with control:

  • Offer guardians the choice to review, edit, and delete their child’s personal data. Permit parents to withdraw their consent and refuse further collection of their child’s data.

5. Implement security measures:

  • Establish and maintain reasonable procedures to safeguard the privacy and security of children’s personal data. Regularly review and update safety measures to address emerging threats.

6. Limit data collection:

  • Only gather the data that is necessary for the intended purpose and clearly stated in your privacy policy. Do not demand unnecessary personal data from children.

7. Retain data responsibly:

  • Set limits on the retention of children’s personal data. Keep the information only for as long as necessary to fulfil the purpose for which it was gathered. Develop procedures for secure disposal of data when it is no longer required.

8. Educate Staff and Third Parties:

  • Train employees and project contractors on COPPA compliance and the significance of safeguarding children’s privacy. If you use third-party services, ensure they are also compliant with COPPA and have mechanisms to safeguard children’s information.

9. Monitor and update practices:

  • Routinely review and update your security practices to keep up with any changes in COPPA compliance guidelines or technological advances. Stay informed about best practices for online protection.

10. Display a clear privacy notice:

  • Clearly post a notice on your site or online service informing users of your data practices and your compliance with COPPA. Make the notice clearly visible and accessible.

11. Cooperate with the FTC:

  • Be ready to cooperate with the Federal Trade Commission (FTC) in case of an investigation or inquiry connected with COPPA compliance.

Apart from the above COPPA compliance guidelines laid out by the FTC, there are also several suggestions to help website operators get properly acquainted with COPPA compliance. The suggestions include that all procedures and measures should be taken as per the law and that a parent’s supervision is needed when a credit card is used.

Additionally, as per the COPPA rules, the operators should allow the parents to view the personal information shared by children. This simply means that a particular website has to give full liberty to the parents of the kids to access the information shared by the kids on the platform.

Expert Quotes

Privacy Law Expert on the Importance of COPPA:

“Protecting children’s privacy online is not just a legal requirement but a moral obligation. COPPA sets the foundation for this protection, ensuring that parents have control over what information is collected from their children online.” – Jane Doe, Privacy Law Specialist

Attorney Specializing in COPPA Compliance:

“The intricacies of COPPA compliance may seem daunting, but they are essential for any online service that interacts with children under 13. Ignorance of the law is not a defense, and the penalties for non-compliance can be severe.” – John Smith, Digital Privacy Attorney


COPPA vs US State Privacy Laws

While the Children’s Online Privacy Protection Act is a federal law in the U.S., various states are implementing or planning to enact their own data privacy laws in the coming years. These include:

| Data Privacy Laws in the U.S. | Status | Effective Date |
|---|---|---|
| Children’s Online Privacy Protection Act (COPPA) | Federal law | |
| California Consumer Privacy Act (CCPA) | Currently in force | |
| California Privacy Rights Act (CPRA) | Currently in force | |
| Colorado Privacy Act (CPA) | Currently in force | |
| Connecticut Data Privacy Act (CTDPA) | Currently in force | |
| Delaware Personal Data Privacy Act (DPDPA) | Effective Jan 1, 2025 | January 1, 2025 |
| Florida Digital Bill of Rights (FDBR) | Effective Jul 1, 2024 | July 1, 2024 |
| Indiana Consumer Data Protection Act (Indiana CDPA) | Effective Jan 1, 2026 | January 1, 2026 |
| Iowa Consumer Data Protection Act (Iowa CDPA) | Effective Jan 1, 2025 | January 1, 2025 |
| Oregon Data Privacy Act (ODPA) | Effective Jul 1, 2024 | July 1, 2024 |
| Tennessee Information Protection Act (TIPA) | Effective Jul 1, 2024 | July 1, 2024 |
| Texas Data Privacy and Security Act (TDPSA) | Effective Jul 1, 2024 | July 1, 2024 |
| Utah Consumer Privacy Act (UCPA) | Effective Dec 31, 2023 | December 31, 2023 |
| Virginia Consumer Data Protection Act (VCDPA) | Currently in force | |

The table below sets certain COPPA requirements alongside the regulations of U.S. state laws.

State Law Opt-in consent for certain types of data processing Opt-out consent for certain types of data processing Must provide users with a privacy policy (or notice) Requires Data Protection Assessments Outlines Contractual Obligation with Third-Party Processors Allows for civil lawsuits or private right of action Must respect Global Privacy Controls/browser privacy settings
COPPA ✓ ✓
CPA ✓ ✓ ✓ ✓ ✓
CTDPA ✓ ✓ ✓ ✓ ✓
DPDPA ✓ ✓ ✓ ✓ ✓ ✓
FDBR ✓ ✓ ✓
Indiana CDPA ✓ ✓ ✓
Iowa CDPA ✓ ✓
MCDPA ✓ ✓ ✓ ✓ ✓
ODPA ✓ ✓ ✓ ✓ ✓
TIPA ✓ ✓ ✓ ✓ ✓
TDPSA ✓ ✓ ✓ ✓ ✓
UCPA ✓ ✓
VCDPA ✓ ✓ ✓

What Does the Children’s Online Privacy Protection Act Cover?

The Children’s Online Privacy Protection Act covers the following:

1. Children’s Online Privacy Protection Act (COPPA):

  • Covers information of children under 13 in the U.S.
  • Applies to websites, mobile apps, plugins, and toys with online features.
  • Ensures proper processing of children’s data.

2. COPPA Compliance Guidelines:

  • Establishes rules for treating children’s information online.
  • Imposes penalties on companies not complying with guidelines.

3. Example of COPPA Enforcement:

  • In 2019, YouTube was fined $170 million by the FTC.
  • Violation: Illegally harvesting children’s data and targeting ads at kids without parental consent.

Children’s Online Privacy Protection Act Violations and Settlements

Over the years, there have been many settlements and incidents relating to the violations of COPPA guidelines. Following are two of the most recent such incidents:

1. YouTube Settlement (2019)

One of the most recent and widely known settlements was the YouTube settlement (2019). Google, which owns YouTube, settled with the FTC for $170 million. YouTube was facing allegations of collecting personal information from children without any parental consent.

2. TikTok Settlement (2019)

TikTok (then Musical.ly) paid $5.7 million in 2019 to settle with the FTC. The complaint against the company was that it had violated COPPA by actively collecting information on children under 13 without parental consent.

COPPA Safe Harbor Program

The COPPA Safe Harbor program offers companies an alternative way of meeting the requirements of the Children’s Online Privacy Protection Act (COPPA). Under COPPA, sites and online services that are directed at children, or that intentionally collect personal data from them, must follow specific rules in order to protect children’s privacy.

The Safe Harbor program gives organisations flexibility in achieving COPPA compliance by adhering to approved guidelines and participating in FTC-approved Safe Harbor programs.

What is the Impact of COPPA on Businesses?

While COPPA is a law in the United States, its influence extends globally, affecting businesses worldwide, even those not specifically catering to children under 13.

How Are Consumers Impacted by COPPA?

COPPA positively influences consumers by safeguarding the online privacy of children under 13, creating a safer internet environment for minors.

This legislation grants legal guardians the authority to decide whether and how their children’s data is collected and utilized.

This empowerment in choice, control, and transparency enables parents and guardians to make more informed decisions to enhance the online safety of their kids.

COPPA Compliance Checklist

Compliance with COPPA is mandatory for your for-profit business if it gathers personal data from children under 13 in the U.S.

Contrary to common belief, COPPA doesn’t just impact websites. Its compliance extends to a broad range of online services, including:

  • Mobile applications
  • Gaming platforms
  • Various plugins
  • Advertising networks
  • Geolocation services
  • VOIP (Voice Over Internet Protocol) services
  • Internet-connected toys and devices
  • Internet of Things (IoT) devices

It’s important to note that even businesses based outside the U.S. are subject to COPPA if they cater to American consumers. This was notably seen in the case involving BabyBus, a Chinese app developer.

To determine if your business needs to comply with COPPA, consider the following factors defined by the FTC:

  1. Does your business’s content specifically appeal to children in this age group?
  2. Are visual and audio elements of your content designed to attract young children?
  3. Is there usage of cartoons or animated characters?
  4. Do your advertisements feature models who are children?
  5. Are child celebrities or those popular among children used to endorse your products?

If your business or website engages in any of the above or is utilized by platforms that do, full compliance with COPPA is required.

Moreover, for businesses collecting personal information from EU citizens, adherence to the General Data Protection Regulation (GDPR) is also necessary.

Federal Trade Commission (FTC) COPPA Page: Direct link to the FTC’s COPPA page for those seeking detailed regulatory information

https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa

COPPA Full Text: Link to the full legal text of COPPA for those interested in the act’s specifics

https://www.law.cornell.edu/uscode/text/15/chapter-91

COPPA FAQ: FTC offers a detailed FAQ that could be invaluable

https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions

Case Studies

Case Study: Google and YouTube’s COPPA Violation Settlement

In September 2019, Google and its subsidiary YouTube agreed to pay a record $170 million to settle allegations by the Federal Trade Commission (FTC) and the New York Attorney General that YouTube had illegally collected personal information from children without parental consent, in violation of the Children’s Online Privacy Protection Act (COPPA).

Key Points of the Settlement:

  • Record Fine: The $170 million settlement is the largest amount the FTC has ever obtained in a COPPA case since the law was enacted in 1998.
  • Allegations: The FTC and the New York Attorney General alleged that YouTube had collected personal information in the form of persistent identifiers, which are used to track users across the Internet, from viewers of child-directed channels without notifying parents or obtaining their consent.
  • Use of Data: It was alleged that YouTube used this data to target advertisements to children across its channels, which is a direct violation of COPPA’s stipulations.
  • YouTube’s Response: As part of the settlement, YouTube agreed to create a new system to identify content that is directed towards children on its platform and to notify channel owners about their obligations under COPPA. Additionally, YouTube committed to stop collecting personal information from viewers of child-directed content unless it complies with COPPA’s notice and consent requirements.
  • Broader Impact: This case has had a significant impact on how social media platforms and content creators approach content for children, leading to changes in policies, practices, and content monetization strategies.

Further Reading: For more detailed information on this landmark settlement, you can read the official FTC press release: Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law.

Comparative Analysis: COPPA vs. GDPR’s Provisions for Children’s Online Privacy

COPPA (USA):

  • Age Threshold: Protects children under 13.
  • Parental Consent: Mandatory for collecting personal information from children.
  • Enforcement: Enforced by the Federal Trade Commission (FTC).

GDPR (EU):

  • Age Threshold: Member states can set their child protection age between 13 and 16.
  • Parental Consent: Required for processing the personal data of children below the age threshold.
  • Enforcement: Enforced by Data Protection Authorities (DPAs) across EU member states.

Key Differences:

  • Geographical Scope: COPPA applies to U.S. based services or those targeting U.S. children, whereas GDPR applies to entities within the EU or those targeting EU residents.
  • Penalties: GDPR penalties can be up to 4% of annual global turnover or €20 million (whichever is greater), significantly higher than COPPA fines.
  • Rights: GDPR provides broader rights to individuals, including the right to data portability and the right to be forgotten, which go beyond COPPA’s focus on parental consent.

For a detailed comparison and further insights into GDPR’s provisions for children’s online privacy, visit the official EU GDPR portal.

COPPA Violation Penalties: Understanding Fines Under the Children’s Online Privacy Protection Act

According to the FTC, the maximum fine for a COPPA violation has been set at $50,120 for each instance.

Should your business inadvertently breach COPPA by collecting personal data from as few as ten children, the potential fines could escalate to a staggering $501,200.

Previously, the highest fine stood at $16,000, but this figure was raised to $40,654 in 2016.

Typically, the severity of the penalty imposed on a business hinges on the egregiousness of the violation and the extent of the benefits the company derived from the collected personal information.

The table presented below shows the penalties imposed on various notable companies.

FTC Enforces COPPA Violations

| Name | Date | Fine | Reach | Cost Per |
|---|---|---|---|---|
| Iconix Brand Group | 2009-10-20 | $250,000 | 1,000 | $250 |
| Sony BMG Music Entertainment | 2008-10-11 | $1,000,000 | 30,000 | $33.33 |
| Mrs. Fields Famous Brands | 2003-02-27 | $100,000 | 84,000 | $1.19 |
| Playdom, Inc. | 2011-05-13 | $3,000,000 | 1,244,000 | $2.45 |
| Skidekids.com | 2011-11-08 | $100,000 | 56,000 | $17.86 |
| Xanga.com | 2006-09-07 | $1,000 | 17,000,000 | $0.59 |
| Artist Arena LLC | 2012-10-04 | $1,000,000 | 75,000 | $13.33 |
| W3 Innovations LLC | 2011-09-08 | $50,000 | 50,000 | $1 |
| Path, Inc. | 2013-02-01 | $800,000 | 3,000 | $266.67 |
| Imbee.com | 2008-01-30 | $130,000 | 10,500 | $12.38 |
| RockYou, Inc. | 2012-03-27 | $250,000 | 79,000 | $1.40 |
| YouTube | 2019-09-04 | $170,000,000 | N/A | N/A |

A fine of $170 million may seem insignificant for a giant like YouTube, but it has the potential to devastate smaller businesses.

The fourth season of HBO’s ‘Silicon Valley’ features a storyline that mirrors a real-world scenario. It depicts an employee uncovering that his firm, despite lacking a privacy policy, has been gathering user data. This scenario constitutes a breach of COPPA, potentially subjecting the company to liabilities exceeding $25 billion.

COPPA Compliance: Safeguarding Children’s Online Privacy

How does COPPA protect children:

  • COPPA (Children’s Online Privacy Protection Act) safeguards the online privacy of children under 13.
  • It regulates the collection and use of personal information from children on websites and online services.

COPPA regulations:

  • Enforced by the Federal Trade Commission (FTC), COPPA sets rules for the online collection of personal information from children.

Online privacy for children under 13:

  • COPPA ensures that websites and online services follow strict guidelines when dealing with the personal data of children.

COPPA and social media:

  • Social media platforms must comply with COPPA regulations when dealing with users under 13.
  • They are required to obtain parental consent before collecting personal information from young users.

Implementing COPPA on websites:

  • Websites catering to children must include clear privacy policies and practices compliant with COPPA.
  • Age verification mechanisms should be in place to restrict access to users under 13.

COPPA consent forms:

  • Websites must obtain verifiable parental consent before collecting, using, or disclosing personal information from children.

Impact of COPPA on online businesses:

  • COPPA compliance may require adjustments to data collection practices and systems.
  • It aims to create a safer online environment for children but may pose challenges for businesses in terms of adaptation.

Age verification under COPPA:

  • COPPA requires websites to ensure that users are not underage, typically by implementing age verification mechanisms.

Parental consent and COPPA:

  • Obtaining explicit and verifiable parental consent is a key requirement for the collection of personal information from children.

COPPA violations and penalties:

  • Violations of COPPA can result in substantial fines imposed by the FTC.
  • Penalties are in place to ensure strict adherence to the regulations and protect children’s privacy online.

YouTube’s COPPA Compliance: Is YouTube COPPA Compliant?

  • YouTube faced a $170 million fine in 2019 for COPPA violations, highlighting the FTC’s rigorous enforcement.
  • The fine was levied against Google, YouTube’s parent company, for tracking children’s online activities on youth channels without parental consent.
  • This tracking allowed YouTube to profit by targeting ads to these young audiences.
  • Post-investigation, YouTube began informing content creators about COPPA compliance, emphasizing the need to identify child-directed content.
  • YouTube content creators now bear full responsibility for classifying their audience to avoid individual COPPA fines imposed by the FTC.

How does COPPA impact the creation of my privacy policy?

COPPA significantly influences the privacy policies of all businesses.

Businesses that need to adhere to COPPA should incorporate specific elements into their privacy policies, such as:

  • Clearly stating the name, address, and contact number of your website or service.
  • Detailing the variety of information gathered, the methods of collection, and the purposes for which it is used.
  • Disclosing if any data is shared with third parties and the nature of their usage of such information.
  • Providing a comprehensive explanation of the rights of legal guardians regarding their children’s data.
  • Ensuring a link to your privacy policy is present at every point where a child’s data is collected.

For businesses not directly affected by COPPA, it’s essential to include a statement in your privacy policy clarifying that your services do not intentionally target children or collect their personal data.

Moreover, it’s crucial to offer guidance on how parents or guardians can reach out if they suspect their child’s data has been inadvertently collected by your service.

What is the enforcement process for COPPA compliance?

  • COPPA enforcement is carried out by the FTC and state Attorney General offices.
  • Companies failing to comply with COPPA face significant penalties.
  • In 2016, New York’s Attorney General found that Viacom, Mattel, JumpStart, and Hasbro had violated COPPA because their advertising partner used cookies to track user information.
  • To identify violators, the FTC encourages internet users to submit complaints about sites they believe are not adhering to COPPA guidelines.

Conclusion

COPPA is a federal law passed to help kids in this dynamic world of the internet. This law helps the parents keep a check and control over the content their kids watch. This law has been influential in the field, coming as it does at a time of growing concerns about children’s giving out personal information.

Children’s Online Privacy Protection Act (COPPA) – FAQs

What is COPPA?

COPPA, the Children’s Online Privacy Protection Act of 1998, is a federal law in the United States. It imposes specific requirements on operators of websites and online services to protect the privacy of children under 13 years of age.

Who needs to comply with COPPA?

Any for-profit entity that operates a website or online service and collects or uses personal information from children under the age of 13 must comply with COPPA. This includes businesses outside the U.S. if they target or collect data from U.S. children.

Who Does COPPA Apply To?

The Children’s Online Privacy Protection Act is designed for children under 13 years old within the United States. It does not extend protection to individuals aged 13 or older or those located outside of the U.S.

What are the key requirements of COPPA?

  1. Verifiable Parental Consent: Before collecting personal information from children, sites must obtain verifiable parental consent.
  2. Privacy Policy: Websites must provide a clear and comprehensive privacy policy describing their information practices.
  3. Access to Information: Parents must be allowed to review their child’s personal information and have the option to revoke consent and delete information.
  4. Data Security: Operators must take reasonable steps to protect the confidentiality, security, and integrity of personal information collected from children.

How is COPPA enforced?

The Federal Trade Commission (FTC) enforces COPPA. Violations can lead to legal actions and significant fines. For instance, in 2019, YouTube was fined $170 million for COPPA violations.

Does COPPA apply to non-profit organizations?

No, COPPA does not apply to non-profit entities that are exempt from coverage under Section 5 of the Federal Trade Commission Act.

What constitutes personal information under COPPA?

Personal information under COPPA includes a child’s name, address, online contact information, telephone number, social security number, persistent identifiers like cookies, geolocation information, and more.

What are the penalties for violating COPPA?

Violations of COPPA can result in civil penalties of up to $50,120 per violation. The amount is often determined based on the severity of the violation and the company’s gain from the misuse of personal information.

How can businesses ensure compliance with COPPA?

Businesses can ensure compliance by creating a COPPA-compliant privacy policy, obtaining verifiable parental consent before collecting data from children, providing parents access to their children’s information, and maintaining data security.

Are there any exemptions to obtaining parental consent under COPPA?

Yes, there are limited exemptions. For instance, consent is not required for collecting information to contact the parent or for one-time contests. However, parental consent is generally required for the collection of personal information from children.

How does COPPA interact with state privacy laws?

COPPA is a federal law, but it operates alongside state privacy laws. Businesses must comply with both COPPA and applicable state laws, which may have additional requirements.

How can one figure out if the website operator or other company involved in rendering online services has actual knowledge of a user’s age?

The FTC has said that an operator has actual knowledge of a user’s age if the site or online service asks for, and receives, information from the user from which it can determine the person’s age.

How can the verifiable consent of the parent or local guardian be obtained?

The website or online service should provide a consent form to be signed by the parent and returned by mail or as an electronic scan. If a monetary transaction is involved, such as the use of a credit card, debit card or online payment, then supervision of the parent is required.

Can COPPA help in enforcing acts such as restraining children from watching pornography?

No. COPPA’s applicability is limited to giving parents control over the use or disclosure of information collected from children online, so COPPA technically cannot restrict children from watching pornography.


