Now that one-year-olds have mastered iPads, it's clear that children
will be interacting with the Internet more and more — and
at a younger age.
Back in the late 1990s, the federal government demonstrated
remarkable prescience about this technological shift and created
strict rules that govern the information websites collect on
underage users. It's because of that law, the Children's Online Privacy Protection Act
(COPPA), that so many sweepstakes and contests exclude children
under the age of 13.
COPPA went into effect in April 2000. The law is designed to
give parents control over the information that is collected online
from their children. However, the rule applies only to children who
are under the age of 13. It covers all operators of commercial
websites and online services directed at children under 13 that
"collect, use, or disclose personal information from
children." The rule also applies to operators of
general-audience websites and online services if they have actual
knowledge that they are obtaining, using or disclosing personal
information from children under 13.
The rule contains a number of specific requirements. For
example, operators covered by the rule must:
how they handle children's personal information and post this
policy on their website;
Notify parents and obtain "verifiable parental
consent" before collecting information from children, subject
to several so-called "email" exceptions that allow an
operator to obtain parents' consent via email in certain
Offer parents the option of consenting to the operator
collecting and internally using the child's information while
at the same time prohibiting the operator from disclosing their
child's information to third parties;
Allow parents to access their child's collected personal
information as well as the right to review the information and have
Give parents the opportunity to prevent the further use or
collection of their child's personal information online;
Protect the confidentiality, security, and integrity of
information collected from children under the age of 13.
COPPA also bars operators from forcing children to provide more
information than is reasonably necessary before allowing them to
participate in online activities.
The Federal Trade Commission aggressively enforces the COPPA
Rule; violators can be fined up to $11,000 per violation. In
addition, states and certain other federal agencies, such as the
Department of Transportation, have the authority to enforce COPPA
as it pertains to their jurisdictions.
Because of the complications and expense of complying with the
COPPA requirements and the risk of large fines for even an
inadvertent failure to comply, it's not surprising that many
sponsors of sweepstakes and contests decide to exclude
participation by persons under 13.
The FTC is currently in the process of amending the COPPA Rules
in an effort to keep the regulation up to-date with the
technological developments and increased usage of the Internet by
children that have occurred since 2000. The second article in this
series will discuss the FTC's proposed amendments.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In August 2015, the FBI issued an alert describing the newest form of cyberattack—the Business Email Compromise ("BEC").[i] BEC is a sophisticated mutation of the now-common spear phishing data breach technique.
Following a private challenge by an Austrian law student to the storage by Facebook of his personal data on servers located in the United States, the EU Advocate General has filed an advisory opinion with the European Court of Justice recommending that the EU-U.S. safe harbor of privacy principles be invalidated.
State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident.