Is Your Web Site Coppa-Compliant?

As of April 21, 2000, all commercial web sites and online services that (a) are directed at children 12 and under or (b) knowingly collect personal information from children 12 and under, must comply with the Children’s Online Privacy Protection Act (“COPPA”).  Among other things, violators of COPPA could face a fine imposed by the Federal Trade Commission of $11,000 per violation.

The key requirements of COPPA compliance are notice and consent.  A web site operator must place a clear and prominent link to its privacy policy on the web site home page and at each place where personal information is collected from children.  The privacy statement must be written in a clear and understandable manner, and must contain specific information and disclosures required by COPPA.  In addition to providing notice of privacy policies, the law requires that web site operator subject to COPPA obtain verifiable parental consent before collecting, using or disclosing any personal information from children 12 and under.  For the next two years, the COPPA regulations take a sliding scale approach to parental consent, requiring more reliable (and potentially more burdensome) methods of consent if the web site operator will sell, disclose or otherwise make children’s personal information available to third parties or the general public.

COPPA covers all personal information from children 12 and under collected after April 21, 2000.  Even if a child had registered with a web site prior to April 21, 2000, the web site cannot collect information from that child after April 21 without complying with COPPA.