Nothing is more rewarding than creating great products for kids and marketing them online. Companies that sell products to kids aged below 13 years must adhere to the Children's Online Privacy Protection Rule ("COPPA"). This federal regulation stipulates how businesses ought to collect and store the personal data of under-13 users.
COPPA got enacted to address the unprecedented growth of online marketing techniques targeting children during the late 90s. At the time, websites were collecting minors’ data without parental consent or knowledge. COPPA obligates website operators and providers of online services to abide by specific guidelines relating to the collection and handling of minors’ personal information. These guidelines include:
Website operators must understand the various levels of parental consent based on what they collect. Reasonable measures should be taken to ensure that third-parties and service providers also have mechanisms for protecting the integrity, security, and confidentiality of minors’ personal information.
For a company to become COPPA-compliant, it must ensure that personal information collected from minors isn’t stored for longer than necessary. When getting rid of the data, measures should be put in place to avoid exposure or loss. Parents are allowed to review data collected from their kids. They can also withdraw consent for the sake of protecting their kids’ privacy.
This is a COPPA compliance requirement, which is meant to ensure that parents know who is collecting their kids’ personal information, and for what purpose. Consent must be sought from parents before web operators collect kids’ personal information. As per COPPA compliance guidelines, personal information includes kids’ names, addresses, online contact information, social security number, a universal identifier that can be used to recognize users across different websites, and photographs.
The FTC allows certain limited limitations, which mostly relate to verifiable parental consent. COPPA allows website operators to collect minors’ personal information without prior permission if they are making one-time requests, such as asking the minors to enter a consent. Besides, verifiable parental consent isn’t required when minors request to receive information that is distributed regularly, which as weekly newsletters.
If a web operator believes that an under-13 user’s safety is at risk after the minor claims to be in some harm or danger, the operator can collect the personal information of the minor along with his/her parents’ information. Verifiable parental consent can also be circumvented if an operator is protecting his/her website from getting attacked through or by minors’ accounts. In such situations, operators can collect the minors’ personal information and respond appropriately.
Currently, COPPA protects children below 13 years. For COPPA compliance purposes, operators only need to label their websites as 13+ to start collecting minors’ personal information. Today, children below 13 years can still access such sites and provide their information to operators, knowingly or unknowingly.
Often, such data ends up getting sold to third-parties. This has led to calls for the age to be raised because at 13 years, kids are still too young to make rational decisions. Those who support this idea argue that 13 years shouldn’t be considered the age of adulthood on the Internet and that the age limit should be raised to 18 years.