• New Rule Changes Impact Regulations Governing Online Data Collection from Children Under 13 Years of Age
  • August 8, 2013 | Author: Scott N. Opincar
  • Law Firm: McDonald Hopkins LLC - Cleveland Office
  • Operators of commercial websites must be careful when designing and using interactive websites that collect personal information and other data from customers and consumers. Interactive websites that collect information by:

    1. Requesting, prompting or encouraging the submission of information (even if it's optional)
    2. Letting information be made publicly available (example: open chat room or posting function)
    3. Passively tracking information through a separate child-directed site or service, or through an advertisement network, may be collecting such information from children.

    There are special rules governing the online collection of data and personal information from children under the age of 13 through commercial websites.

    In April of 2000, Congress enacted the Children’s Online Privacy Protection Act (COPPA), which applies to operators of commercial websites and online services directed to children under the age of 13 that collect personal information. “Personal information” under COPPA includes:

    • Full name
    • Home or other physical address
    • Online contact information (email address, voice-over internet protocol identifiers, cookie numbers, video chat identifiers, and other identification identifiers)
    • Telephone number
    • Social Security number
    • Photo, video or audio file containing a child’s image or voice
    • Geolocation information sufficient to identify a street name and city or town
    • Other information collected from a child

    The Federal Trade Commission (FTC) enforces COPPA and has the authority to issue regulations with respect to COPPA. Commercial websites and online services covered by COPPA must post privacy policies, provide parents with direct notice of their information practices and obtain verifiable consent from a parent or guardian before collecting personal information from children under the age of 13.

    In December 2012, the FTC issued revisions to COPPA, which create additional parental notice and consent requirements (the 2013 Revisions). The 2013 Revisions to COPPA became effective on July 1, 2013. Under the 2013 Revisions, COPPA applies to operators of commercial websites when they have “actual knowledge” that they are collecting personal information from users of another site or online service directed to children under the age of 13. The 2013 Revisions do not define the term “actual knowledge.” The FTC has stated that an operator has actual knowledge of a user’s age if the site or service asks for - and receives - personal information from the user that allows it to determine the person’s age. In addition, third-party child-directed websites may communicate to an ad network about the nature of its site and information collected from children under the age of 13. If the operator of the commercial website has access to such information, COPPA will likely apply.

    After July 1, 2013, operators of commercial websites subject to COPPA must:

    • Post a clear and comprehensive online privacy policy that complies with COPPA
    • Notify parents directly before collecting any personal information from a child under the age of 13
    • Obtain the parent’s verifiable consent before collecting personal information from their child
    • Honor parents’ ongoing rights with respect to information collected from their children
    • Provide parents with access to the personal information collected from their child in order to edit or delete it
    • Implement reasonable procedures to protect the security and privacy of personal information collected from a child

    Violations of COPPA can result in enforcement actions, including civil penalties and fines.