Friday, October 12, 2012

COPPA Enforcements are on the Rise

This blog post is “directed to” all website owners and operators whose websites may be “directed to” (the actual term used in COPPA) children under the age of 13 or who actually know that kids access their site.

COPPA is the Children’s Online Privacy Protection Act of 1998. Its purpose is to safeguard personally identifiable information of children under the age of 13. COPPA applies to operators of commercial websites or online services “directed to” children that collect, use, and/or disclose personal information from children, and to operators of commercial websites or online services that have actual knowledge that they collect, use, and/or disclose personal information from children. In particular, COPPA requires these operators to: (1) post a privacy policy on their website; (2) provide notice to parents about the site’s information collection practices and, with some exceptions, get verifiable parental consent before collecting personal information from children; (3) give parents the choice to consent to the collection and use of a child’s personal information; (4) not condition a child’s participation in an activity on the disclosure of more personal information than is reasonably necessary for the activity; and (5) maintain the confidentiality, security and integrity of the personal information collected from children.

COPPA is currently being amended. September 24, 2012 was the deadline to submit public comments to the FTC.

In the meantime, the FTC has promised to step up its enforcement of COPPA. Just recently, on October 2nd, 2012, the FTC settled with Artist Arena LLC, an operator of fan websites for Justin Bieber, Selena Gomez, Rihanna and Demi Loyato, for $1 million. The FTC charged the defendant with the violation of COPPA because it allegedly collected children’s personal information without their parents’ consent. The websites asked the users (often kids under the age of 13) to register on the websites, create online profiles, post messages and sign up for newsletters. According to COPPA, the websites should have notified the children’s parents, disclosed what information was being collected and for what purposes, and obtained verifiable parental consent before collecting any such information.

It is always best to learn from the mistakes of others rather than your own.  So, it is best for the websites that are likely to be visited by children to (i) have a privacy policy that discloses the information collection practices of the website and (ii) obtain verifiable parental consent before such websites collect any information from children under the age of 13.

This article is not a legal advice, and was written for general informational purposes only.  If you have questions or comments about the article or are interested in learning more about this topic, feel free to contact its author, Arina Shulga.  Ms. Shulga is the founder of Shulga Law Firm, P.C., a New York-based boutique law firm specializing in advising individual and corporate clients on aspects of business, corporate, securities, and intellectual property law.

No comments:

Post a Comment