“COPPA” is an acronym that stands for the “Children’s Online Privacy Protection Act,” which is a federal statute. Generally speaking, COPPA was enacted to protect the privacy of minors under the age of 13 from websites and online services that target children and that collect personal data about said children. COPPA applies to any business actually collecting personal data on children and to any website or online platform that has reason to know that the data being collected involves minors.
COPPA is similar to other online privacy statutes in that COPPA does NOT ban the collection, processing, and sharing/selling of personal information about children. Rather, COPPA requires that clear and conspicuous notifications be given by a website or online platform to parents and that “verifiable consent” be obtained before collection, use, or sharing/selling of the child’s personal data. “Personal data” includes various information like a child’s name, address, phone number, social security number, photos, video geolocation information, etc.
COPPA also has other requirements, which are discussed in this FTC information sheet. Some of the other requirements can be summarized as follows:
- Provide parents with access to the data collected about their child or children
- Obtain parental consents for the internal use of a child’s data
- Disallow websites or online platforms from disclosing/sharing a child’s data with third parties unless disclosure/sharing is necessary for the service, “… in which case, this must be made clear to parents”
- Maintain the confidentiality of data collected about children
- Maintain robust cybersecurity
- Delete children’s data when the data is no longer needed to fulfill the purpose for which it was collected
- Delete the data in a manner that reasonably protects against unauthorized access or use
- Do not demand more information than is reasonably necessary as a condition of a child being allowed to access features of the website/online platform.
- And more
The main federal agency tasked with enforcing COPPA is the Federal Trade Commission (“FTC”). The FTC has promulgated various rules with respect to COPPA. The FTC also investigates alleged violations of COPPA and brings administrative enforcement actions. For example, the FTC recently brought an enforcement case in federal court against Cognosphere LLC, which markets and provides an online game called Genshin Impact. Genshin Impact is marketed to and is very popular with children. The FTC alleged that Cognosphere failed to obtain parental consent before collecting personal data about the kids playing the game and engaged in deceptive practices with respect to in-game “loot boxes” and conversion of real currency into “game currency” (currency that can be used to buy in-game items).
Unfortunately, COPPA does not contain a private right of legal action allowing parents to sue companies directly for COPPA violations. COPPA would be a stronger and more effective statute if such a private right of action existed. For now, if you suspect a website or online platform is violating COPPA, complaints can be lodged with the FTC and with State Attorneys General (who also have enforcement authority).
If your company is investigated for COPPA violations, you will need experienced and top-rated FTC defense attorneys
Contact the COPPA Compliance and FTC Defense Attorneys at Revision Legal
For more information, contact the experienced COPPA Compliance and FTC Defense Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.