The primary goal of the Children’s Online Privacy Protection Act (COPPA) Rule is to give parents control over what information is collected from their children online and how such information may be used.
The Rule applies to:
•Operators of commercial Web sites and online services directed to children under 13 that collect personal information from them;
•Operators of general audience sites that knowingly collect personal information from children under 13; and
•Operators of general audience sites that have a separate children’s area and that collect personal information from children under 13.
The Rule requires operators to:
•Post a privacy policy on the homepage of the Web site and link to the privacy policy on every page where personal information is collected.
•Provide notice about the site’s information collection practices to parents and obtain verifiable parental consent before collecting personal information from children.
•Give parents a choice as to whether their child’s personal information will be disclosed to third parties.
•Provide parents access to their child’s personal information and the opportunity to delete the child’s personal information and opt-out of future collection or use of the information.
•Not condition a child’s participation in a game, contest or other activity on the child’s disclosing more personal information than is reasonably necessary to participate in that activity.
•Maintain the confidentiality, security and integrity of personal information collected from children.
In order to encourage active industry self-regulation, COPPA also includes a safe harbor provision allowing industry groups and others to request Commission approval of self-regulatory guidelines to govern participating Web sites’ compliance with the Rule.