Now that one-year-olds have mastered iPads, it's clear that children
will be interacting with the Internet more and more — and
at a younger age.
Back in the late 1990s, the federal government demonstrated
remarkable prescience about this technological shift and created
strict rules that govern the information websites collect on
underage users. It's because of that law, the Children's Online Privacy Protection Act
(COPPA), that so many sweepstakes and contests exclude children
under the age of 13.
COPPA went into effect in April 2000. The law is designed to
give parents control over the information that is collected online
from their children. However, the rule applies only to children who
are under the age of 13. It covers all operators of commercial
websites and online services directed at children under 13 that
"collect, use, or disclose personal information from
children." The rule also applies to operators of
general-audience websites and online services if they have actual
knowledge that they are obtaining, using or disclosing personal
information from children under 13.
The rule contains a number of specific requirements. For
example, operators covered by the rule must:
how they handle children's personal information and post this
policy on their website;
Notify parents and obtain "verifiable parental
consent" before collecting information from children, subject
to several so-called "email" exceptions that allow an
operator to obtain parents' consent via email in certain
Offer parents the option of consenting to the operator
collecting and internally using the child's information while
at the same time prohibiting the operator from disclosing their
child's information to third parties;
Allow parents to access their child's collected personal
information as well as the right to review the information and have
Give parents the opportunity to prevent the further use or
collection of their child's personal information online;
Protect the confidentiality, security, and integrity of
information collected from children under the age of 13.
COPPA also bars operators from forcing children to provide more
information than is reasonably necessary before allowing them to
participate in online activities.
The Federal Trade Commission aggressively enforces the COPPA
Rule; violators can be fined up to $11,000 per violation. In
addition, states and certain other federal agencies, such as the
Department of Transportation, have the authority to enforce COPPA
as it pertains to their jurisdictions.
Because of the complications and expense of complying with the
COPPA requirements and the risk of large fines for even an
inadvertent failure to comply, it's not surprising that many
sponsors of sweepstakes and contests decide to exclude
participation by persons under 13.
The FTC is currently in the process of amending the COPPA Rules
in an effort to keep the regulation up to-date with the
technological developments and increased usage of the Internet by
children that have occurred since 2000. The second article in this
series will discuss the FTC's proposed amendments.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The National Institute of Standards and Technology has released the fourth revision of its standard-setting computer security guide, Special Publication 800-53 titled Security and Privacy Controls for Federal Information Systems and Organizations, and this marks a very important release in the world of data privacy controls and standards.
The obligations of hedge funds, investment managers and service providers to protect confidential information relating to investors and avoid breaches of data privacy legislation is increasingly in focus.
In a recently released decision from the U.S. District Court for the Southern District of Florida, Mais v. Gulf Coast Collection Bureau, et al., Judge Robert N. Scola, Jr., granted in part and denied in part cross motions for summary judgment in a putative class action before considering the issue of class certification.
The report also found that most utilities only comply with mandatory cybersecurity standards, and have not implemented voluntary NERC recommendations regarding general or specific threats (e.g., Stuxnet).