The Children's Online Privacy Protection Act, known as COPPA, was enacted by the United States Congress in 1998, and became effective on April 21, 2000. COPPA required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. In addition, COPPA gives states and certain federal agencies authority to enforce compliance with respect to entities over which they have jurisdiction.
COPPA places certain requirements on operators of websites or online services (apps, games online, connected toys, learning platforms, etc.) that are directed to children under 13 years of age or that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
COPPA requires operators to notify parents of their information practices; obtain verifiable parental consent; collect the least amount of data possible; and maintain reasonable procedures to protect the confidentiality, security, and integrity of children’s personal information.
The primary goal of COPPA is to place parents in control over what information is collected from their young children under the age of 13 online and to protect them while accounting for the dynamic nature of the Internet.
COPPA provides the FTC with civil penalty authority to encourage compliance with the COPPA Rule. The FTC has taken law enforcement actions against companies that failed to comply with the provisions of the law. A court can hold operators who violate the Rule liable for civil penalties of up to $50,120 per violation.
Want to learn more about COPPA? Read the full Rule from the FTC or check out our What is COPPA? blog.
If you can say YES to any of the above, then reach out to one of our experts.
COPPA requires that online services and operators adhere to specific guidelines regarding the collection and handling of personal information (PI). Here are some tips on how to comply:
For more information, read our Top Five COPPA Tips blog.
What is a COPPA Safe Harbor?
The FTC’s COPPA Rule includes a “safe harbor” provision that allows industry groups and others to seek Commission approval of self-regulatory guidelines that implement “the same or greater protections for children” as those contained in the COPPA Rule.
Companies and organizations that participate in an FTC-approved safe harbor program will, in most circumstances, be subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement.
Safe harbor programs must demonstrate that they meet certain performance standards, as outlined in Section 312.11 of the Rule.
PRIVO’s COPPA Safe Harbor Certification Program
PRIVO is approved by the FTC as an authorized Safe Harbor under the COPPA. Program members agree to submit to PRIVO’s oversight and consumer dispute resolution process. Members must meet definitive standards to assure that they are fully compliant with COPPA, offering a comprehensive service that includes auditing a digital property as it relates to children's privacy, parental notice and consent, and best practices for safer online communities. In addition to yearly audits and quarterly reviews, PRIVO conducts monitoring and consulting on a regular basis. Such standards must be strictly adhered to in order to ensure safe and responsible online interaction between online properties and children under the age of 13.
Learn more about our COPPA Safe Harbor program.