The Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of online data collected of children under 13. The Act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is managed by the Federal Trade Commission (FTC). Click Here to visit the FTC site. Vigilints™ maintains and enforces COPPA compliance in all websites, apps and other operations involving child data. Click Here to visit the Vigilints™ Privacy Page.

The Act specifies:

  • That sites must require parental consent for the collection or use of any personal information from site users under 13 years old.
  • What must be included in a privacy policy, including the requirement that the policy itself be posted anywhere data is collected.
  • When and how to seek verifiable consent from a parent or guardian.
  • What responsibilities the operator of a Web site legally holds with regards to children's privacy and safety online, including restrictions on the types and methods of marketing targeting those under 13.

COPPA was passed to address the rapid growth of online marketing techniques in the 1990s that were targeting children. Many Web sites were collecting personal data from children without parental knowledge or consent. Research published by the Center for Media Education showed that children did not understand the potential negative outcomes of revealing personal information online. As a result of media showing the prevalence of gathering private data from children and the exposure to hacking, the public pressured Congress to legislate.

COPPA requires that site operators allow parents to review any information collected from their children. In practice, this means that any relevant site has to provide full access to all user records, profiles and log-in information when a parent requests it. The FTC has stipulated that parents may delete certain information but may not otherwise alter it.

Any Web site that collects information from children under the age of 13 has to abide by COPPA.

Although COPPA does not specifically define how parental consent should be gained, the (FTC) has established guidelines to help Web site operators ensure compliance with the Act.

These suggestions include:

  • Clear display of downloadable consent forms that may be mailed or faxed to to the operator.
  • Requiring that a parent use a credit card to authenticate age and identity.
  • Requiring that a parent call a toll-free phone number.
  • Accepting an email from a parent that includes a digital signature.

The Act applies to all sites gathering of data from children under the age of 13 years. While Vigilints™ comply, you should be diligent to make sure all sites which interact with your children do the same.