10 Tips for Complying With Children Online Privacy Laws


I recently had the honor and pleasure of speaking at the 2016 Annual Florida Bar Convention regarding privacy laws. One of the hot topics during the seminar is the Children's Online Privacy Protection Action of 1998 ("COPPA"). It doesn’t feel like 1998 was all that long ago, does it? But on the Internet, it might has well been a century. To put it in perspective, Google had just launched its search engine. There was no Twitter, Facebook or Snapchat. (You may be wondering, "What did people actually do on the internet without these social media platforms?1") At the time, only 1 and 4 households had one or more member using the internet. Today, there are more than 5 times as many Internet users - a sizable portion of these individuals are under the age 13. In fact, it is not a rare occurrence for a child under 6 to have access to the digital world.

Despite being drafted in a drastically different digital world, COPPA has changed somewhat minimally. Still, surprisingly little case law exists interpreting its provisions. It is no wonder many organizations struggle with compliance. To help in this regard, here are 10 practical tips to assist your organization in complying with the legislation:

  1. Prepare a clear and comprehensive online privacy policy describing the company’s information practices for personal information collected online from children under 13.

  2. Post the policy in a clear and conspicuous link on the company’s home page and anywhere the company collects personal information from children.

  3. Use an approved verifiable parental consent method to obtain parental consent before collecting, using, and disclosing a child’s personal information.

  4. Adopt technology, such as a session or timed cookie, to prevent a child from hitting the back button and changing his or her age after age-screening.

  5. Allow parents to opt-out or limit the collection, use and disclosure of their children’s personal information.

  6. Provide parents access to their child's personal information to review and/or have the information deleted.

  7. Use reasonable data protection procedures to guard the confidentiality, security, and integrity of personal information collected from children.

  8. Don’t collect personal information unless it is required for a legitimate business purpose and avoid asking for more information than is necessary.

  9. Only retain personal information collected online from a child for as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.

  10. Don’t allow third party plug-ins, like Facebook and Twitter, on websites directed to children,if any personal information is collected.

If you have any questions, please feel free to shoot me an e-mail at ruth@jacksonleepa.com

DISCLAIMER: Jackson Lee | PA appreciates you visiting this website. Please remember that this information is based on general facts and might not apply to specific factual situations. Please do not consider this information to be specific legal advice. Always consult a lawyer to apply the law to your specific facts and state.