Privacy: COPPA Reference
Who Must Comply
What is Required
Giving Away Stuff
- Children’s Online Privacy Protection Act (COPPA).
- 144 CONG. REC. S8482–83 (daily ed. July 1, 1998) (statement of Sen. Bryan) (introducing legislation)
- 16 CFR § 312
- 16 CFR § 312.2 defines an "operator" one who operates an online service or website "for commercial purposes." Remember that "commercial" includes profit and non-profit services.
2013 Revisions to COPPA
- 78 FR 3971-4014 (2013); 16 CFR 312
- Revised Children's Online Privacy Protection Rule Goes Into Effect Today 7/1/13 : "The revised COPPA rule addresses changes in the way children use and access the Internet, including the increased use of mobile devices and social networking. The modified rule,approved by the Commission in December 2012, widens the definition of children’s personal information to include persistent identifiers such as cookies that track a child’s activity online, as well as geolocation information, photos, videos, and audio recordings."
- For Release: 9/15/2011 FTC Seeks Comment on Proposed Revisions to Children's Online Privacy Protection Rule
Changes in Technology Drive Proposed Updates
- The Federal Trade Commission is seeking public comment on proposed amendments to the Children's Online Privacy Protection Rule , which gives parents control over what personal information websites may collect from children under 13. The FTC proposes these amendments to ensure that the Rule continues to protect children's privacy, as mandated by Congress, as online technologies evolve. The Commission proposes modifications to the Rule in five areas: definitions, including the definitions of "personal information" and "collection," parental notice, parental consent mechanisms, confidentiality and security of children's personal information, and the role of self-regulatory "safe harbor" programs.
- . . . . .
- Does not recommend raising COPPA age to include teenagers
- Unchanged Knowledge standard unchanged (websites that have actual knowledge that collect information from children)
- Online Services: originally covered websites and services such as AOL Term was never defined. Suggest cover any service over the Internet or connects to the Internet - such as mobile applications (network connected games, social media, ecom, receiving behavior targeted advertising). Could be internet enabled gaming platform, VoIP
- Recent consent decree re itunes app provider that targeted children under age of 13
- Personal information - FTC has discretion to include other identifiers. Purpose to include persistent identifiers including those in cookies where those identifiers are not used for internal operation of site. Purpose to include geolocation information and screen names where does not support internal operation of site. Include photos. Would be permitted when used to support internal operation of service. Those technical activities that would permit functioning; user authentication; site navigation; maintain personal preferences' contextual advertisements; protect against fraud or theft.
- Require parental consent where used for behavioral advertising
- Change criteria of what is website or service that is aimed at children. Added to list, presence of musical content or celebreties that appeal to children
- Change defeintion of collects or collection to make it easier for sites to offer interactive content to children and not fear violation of COPPA if have system of deleting child personal information before posted
- Update ways to get parental consent - electronic scans, video conference, identifications
- Consent methods are electives - not prefering one method over another. Must be reasonably calculated that hte person is in fact the parent of the child. Proposed to eliminate sliding scale mechanism for consent. Had always intended this to be temporary. The email+ method of verification is unreliable. Time has come to eliminate this method. New concent processes: (1) Groups submit to FTC for review a new concent method (2) Operators particpate in safe harbor program use method recognized by safe harbor program.
- Request for Public Comment on the Federal Trade Commission's Implementation of the Children's Online Privacy Protection Rule (“2010 FRN”), 75 FR 17089 (Apr. 5, 2010)
- FTC Hearing Protecting Kids' Privacy Online June 2, 2010
- FTC, IMPLEMENTING THE CHILDREN'S ONLINE PRIVACY PROTECTION ACT: A REPORT TO CONGRESS (Feb. 2007) .
- FTC Retains Children’s Online Privacy Protection (COPPA) Rule Without Changes, FTC 3/9/2006
- Children‘s Online Privacy Protection Rule, 71 Fed. Reg. 13,247, 13,258 (Mar. 15, 2006)
- COPPA Application, FTC 11/29/2005
- No later than April 21, 2005, the Commission shall initiate a rulemaking review proceeding to evaluate the implementation of this part, including the effect of the implementation of this part on practices relating to the collection and disclosure of information relating to children, children's ability to obtain access to information of their choice online, and on the availability of websites directed to children; and report to Congress on the results of this review. 15 CFR § 312.11. COPPA Sec. 1307. Aug 22 Children's Online Privacy Protection Act (COPPA) Compliance Training Program for Website Operators. FTC.
- FTC, STAFF REPORT, PROTECTING CHILDREN'S PRIVACY UNDER COPPA: A SURVEY ON COMPLIANCE (Apr. 2002)
- Online Privacy: A Report to Congress (6/98)
- In re Nickelodeon Consumer Privacy Litig., No. 15-1441, 2016 WL 3513782 (3d Cir. June 27, 2016)
- Topelson, Dalia and Bavitz, Christopher and Gupta, Ritu and Oberman, Irina, Privacy and Children's Data - An Overview of the Children's Online Privacy Protection Act and the Family Educational Rights and Privacy Act (November 14, 2013). Berkman Center Research Publication No. 23. Available at SSRN: or http://dx.doi.org/10.2139/ssrn.2354339
- Common Sense Media, Protecting Our Kids' Privacy in a Digital World
- Common Sense Media White Paper Do Smart Kids = Smart Phones?
- danah boyd, How Teens Understand Privacy, May 9th 2011
- Lauren A. Matecki, Update: COPPA is Ineffective Legislation! Next Steps for Protecting Youth Privacy Rights in the Social Network Era, 5 Nw. J.L. & Soc. Pol'y 369
- Berin Szoka, Adam Thierer COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech (2009)
- Bartoli, E., 2009. Children's Data Protection vs. Marketing Companies. International Review of Law, Computers & Technology , 23(1-2), 35-45.
- Berson, I.R. & Berson, M.J., 2006. Children and Their Digital Dossiers. International Journal of Social Education , 21(1), 135-147.
- Aidman, A., 2000. Children's Online Privacy What you need to know about the Children's Online Privacy Protection Act. Educational Leadership , 58(2), 46-48
- Danielle Garber, COPPA: Protecting Children's Personal Information on the Internet, 10 J.L. & POL'Y 129, 154 (2001)
- Anita Allen, Minor Distractions: Children, Privacy and E-Commerce, 38 HOUS. L. REV. 751 (2001)
- Dorothy Hertzel, Don't Talk to Strangers: An Analysis of Government and Industry Efforts to Protect a Child's Privacy Online, 52 FED. COMM. L.J. 429 (2000).
- Joshua Warmun, Note, Can Coppa Work? An Analysis of the Parental Consent Measures in the Children's Online Privacy Protection Act, 11 FORDHAM INTELL. PROP. MEDIA & ENT. L.J. 189 (2000)
- 1998 Children's Online Privacy Protection Act (COPPA)
- Federal agencies and their contractors must comply with COPPA: Executive Memo M-00-13 Privacy Policies and Data Collection on Federal Web Sites June 22, 2000
- FTC Coppa Compliance Tool Kit, FTC 4/24/02
- FTC Press Release: Federal Trade Commission Testifies on Children's Online Privacy Protection Act (Coppa) 5/18/00
- How to Comply With The Children's Online Privacy Protection Rule November 1999
- Powerpoint Presentation on the COPPA Rule [TXT]
- Frequently Asked Questions About the Children's Online Privacy Protection Rule [TXT]
- FTC's Kidz Privacy Webside
- Aug 22 Children's Online Privacy Protection Act (COPPA) Compliance Training Program for Website Operators. FTC.
- 16 CFR Part 312 as published in 64 Fed Reg 59888