Now that one-year-olds have mastered iPads, it's clear that children
will be interacting with the Internet more and more — and
at a younger age.
Back in the late 1990s, the federal government demonstrated
remarkable prescience about this technological shift and created
strict rules that govern the information websites collect on
underage users. It's because of that law, the Children's Online Privacy Protection Act
(COPPA), that so many sweepstakes and contests exclude children
under the age of 13.
COPPA went into effect in April 2000. The law is designed to
give parents control over the information that is collected online
from their children. However, the rule applies only to children who
are under the age of 13. It covers all operators of commercial
websites and online services directed at children under 13 that
"collect, use, or disclose personal information from
children." The rule also applies to operators of
general-audience websites and online services if they have actual
knowledge that they are obtaining, using or disclosing personal
information from children under 13.
The rule contains a number of specific requirements. For
example, operators covered by the rule must:
how they handle children's personal information and post this
policy on their website;
Notify parents and obtain "verifiable parental
consent" before collecting information from children, subject
to several so-called "email" exceptions that allow an
operator to obtain parents' consent via email in certain
Offer parents the option of consenting to the operator
collecting and internally using the child's information while
at the same time prohibiting the operator from disclosing their
child's information to third parties;
Allow parents to access their child's collected personal
information as well as the right to review the information and have
Give parents the opportunity to prevent the further use or
collection of their child's personal information online;
Protect the confidentiality, security, and integrity of
information collected from children under the age of 13.
COPPA also bars operators from forcing children to provide more
information than is reasonably necessary before allowing them to
participate in online activities.
The Federal Trade Commission aggressively enforces the COPPA
Rule; violators can be fined up to $11,000 per violation. In
addition, states and certain other federal agencies, such as the
Department of Transportation, have the authority to enforce COPPA
as it pertains to their jurisdictions.
Because of the complications and expense of complying with the
COPPA requirements and the risk of large fines for even an
inadvertent failure to comply, it's not surprising that many
sponsors of sweepstakes and contests decide to exclude
participation by persons under 13.
The FTC is currently in the process of amending the COPPA Rules
in an effort to keep the regulation up to-date with the
technological developments and increased usage of the Internet by
children that have occurred since 2000. The second article in this
series will discuss the FTC's proposed amendments.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On Friday, November 13, Federal Trade Commission ("FTC" or the "Commission") Chief Administrative Law Judge ("ALJ") D. Michael Chappell issued an Initial Decision in In the Matter of LabMD, Inc. (FTC Docket No. 9357), dismissing the Commission's Complaint against LabMD, Inc. ("LabMD"), upon a finding that the FTC had failed to "demonstrate a likelihood that [LabMD's] computer network will be breached in the future and cause substantial computer injury."
Whether you are in-house counsel or external counsel, upon first hearing of a massive data breach affecting your client, your first reaction will likely be at least a twinge of panic. So first, take a deep breath and calm down.
Anthony Albanese, the head of the New York Department of Financial Services, issued a letter to more than 20 federal and state regulators outlining proposed cybersecurity regulations for banks and insurance companies operating in New York.
High-profile data breaches seem to hit the headlines almost every day. These breaches have proved terrifying for many companies, particularly as the attackers release embarrassing emails and other information.