Your Website and the Children’s Online Privacy Protection Act – Part II – Compliance Overview

February 9, 2018

In Part I, we discussed what the Children’s Online Privacy Protection Act (COPPA) is, when it applies, and the consequences of failure to comply with the law. Below, we’ll discuss further questions and answers regarding an overview of what’s required when COPPA applies to your website, app or online service.

What steps must you take prior to collecting a child’s personal information?

Assuming COPPA applies to your website, you are required to post a clear and conspicuous privacy notice that describes the types of PI the operator collects from children, how it is used, and whether it is disclosed to third parties. A direct notice must also be provided to parents including the same information. The parent’s verifiable consent must be obtained regarding the collection, use and disclosure of the child’s personal information.

What does COPPA require after the collection of child’s personal information?

After collecting a child’s personal information, parents must be given control over their children’s personal information, which includes the right to access, review and delete the information. The operator is required to keep the child’s personal information secure and carefully vet all third-party service providers with regard to security procedures and written policies and procedures regarding the use and collection of personal information.

Have additional questions regarding whether COPPA applies to your website and if so, the steps you need to take to comply with the law?

We would be happy to review your website or online service to determine whether COPPA applies, and if so, draft or revise a privacy policy and internal procedures to ensure compliance.

Matt Landis is an attorney at Russell, Krafft & Gruber, LLP, in Lancaster, Pennsylvania. He received his law degree from Widener University Commonwealth School of Law and works regularly with business owners and entrepreneurs.