The Children's Online Privacy Protection Act (COPPA) was enacted by the United States Congress in 1998, and took effect in April 2000. The Commission issued an amended Rule on December 19, 2012 which took effect on July 1, 2013. COPPA was designed by lawmakers to introduce parents into the decision-making equation and place them in control over what information is collected online from their children and give parents the final say on which services their children would be allowed to personally interact with and what information they could disclose.
COPPA requires sites, apps, services, connected devices/toys and online games, otherwise known as, “online services”, directed to children under 13 years of age, and online operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age to notify parents and get their verifiable parental consent before they collect, use, or disclose a child’s personal information.
So how do you know if COPPA affects you and your business? Simply put, if you have any children engaging with your content, even if that wasn’t your intended audience, COPPA fines could potentially be a ticking time bomb waiting to explode on your balance sheet.
Fines for failing to comply with the law were recently increased up to $41,484 per violation.
COPPA Compliance matters now more than ever.
Over 6,000 apps are created per day! It’s hard to imagine that the world is not only at our fingertips, but at our children’s as well.
Companies used to not think about security in their design processes. Now, we can’t afford not to. The same is true with privacy – especially regarding children. With more kids online with their own devices, Europe’s General Data Protection Regulation (GDPR) now in force, and a widespread acknowledgement that all consumers, not just our youngest, are in need of better data security and privacy protections, companies cannot turn a blind eye to complying with COPPA.
By simply providing a check a box to have your users say they are 13 or over isn’t the way out. This leads to two things:
- Missing out on potential users
- Encouraging children to lie about their age
For more information, read our Top Five COPPA Tips blog on how to comply.
Since enactment of the COPPA Rule, the FTC has brought 30 cases to enforce it, in addition to enforcement from state attorney generals like New York’s Operation Child Tracker and New Mexico’s AG suing Google, Twitter and other companies for violating children’s privacy.
In 2018 the record shattering COPPA violation by Verizon’s Oath (previously AOL) hit the company with a $5 million fine and most recently in February 2019, video social networking app, Musical.ly, now known as TikTok, with a $5.7M settlement.
Besides the obvious cost of the fine, companies need to take into consideration the PR and legal fees, in addition to the damage that can be done to a company’s brand. Whether you are a parent or a business that interacts with kids, violations to children’s online privacy costs everyone.
Did you know?
COPPA has had a few revisions to keep up with emerging technology, including in July of 2013, which expanded the types of covered personal information to include photos, video, or audio files that contain a child’s image or voice. Just last year the FTC issued an Enforcement Policy Statement that addressed the practice of collecting audio files that contain a child’s voice for immediate conversion into text, in response to inquiries from the marketplace as this practice became more common.
Most companies ask a child for their parent’s email to obtain verifiable parental consent, but majority of children do not know their mom or dad’s email. Just like teaching children to remember their address and phone number, we need to teach children how to reach their parent’s online.
The U.S. federal government oversees COPPA, but states and certain federal agencies have authority to enforce compliance with respect to entities over which they have jurisdiction.