5 Things Parents Need to Know about COPPA Act

As if the list of parental responsibilities was not long enough already, the digital world added one more item to the list: taking care of kids’ online safety. On their road to fulfil this quest, parents will be faced with many potholes and crossroads. They will need reliable information to help them make smart decisions. One of the things they’ll need to have in their pocket is the basics of the COPPA Act. Here are 5 things we parents need to know about COPPA Act. 

What is COPPA and who is responsible for its implementation?

COPPA Act or Children’s Online Privacy Protection Act is a US Federal law, which applies to the nation as a whole and all 50 states since 2000. FTC – Federal Trade Commission, the body responsible for its implementation, has the authority to issue regulations and enforce COPPA.

1. What does COPPA do to protect kids?

COPPA strives to protect all Internet users younger than 13 by setting up rules for website operators regarding their privacy policies. It requires websites to seek permission from children’s parents or guardians before giving out their personal data. For certain websites, like some of the most popular social networking websites (Facebook, Twitter, Snapchat, Instagram, TikTok, and Skype), it is easier and simpler to restrict children under 13 to create accounts than to comply with COPPA’s rules on parental consent.

In the EU, on the other hand, a user can create an account at the age of 16 owing to the set-out rules of the General Data Protection Regulation (GDPR).

2. How does COPPA cope with the evolving changes in the digital world?

Seeing how its main objective is children’s online privacy protection, COPPA Act can’t be permitted to be out-of-date. For that reason, changes are regularly implemented in order to answer to new challenges. In 2011, the Act was changed to ensure even greater protection of children’s data by imposing rules on data retention and deletion. This means that children’s data can only be kept for the amount of time necessary to achieve the purpose that it was collected for and has to be deleted afterwards.

During the following year, FTC reported worrying discoveries about data collection by mobile apps and how the lack of transparency by the app creators deepens this issue. In February 2012, the FTC’s overall finding was that “little or no information was available to parents about the privacy practices and interactive features of the mobile apps surveyed before download,” FTC Chairman Jon Leibowitz said in a statement.

In December 2012, FTC announced that most of the mobile apps still fail to inform parents about the data which is being collected from their kids. The report found that “many apps included interactive features or shared kids’ information with third parties without disclosing these practices to parents.”

The number of kids accessing the Internet via mobile phones is increasing constantly and COPPA Act had to be amended to face the challenges of the mobile realm. In 2013, it expanded the list of data which apps can’t collect from kids without parental consent to include: children’s geolocation data, photographs, videos, and audio recordings from mobile devices. Also, they introduced rules to forbid apps’ developers from collecting their personal information through third-party apps or plugins without their parents’ approval.

3. How did COPPA deal with new devices that connect to the Internet?

As the evolution of technology such as audio recordings has accelerated, the FTC needed to update COPPA to straighten out that the Act applies to emerging tech as well. 

In 2017, FTC emphasized the fact that COPPA applies to all devices that connect to the Internet such as IoT connected toys and video game consoles, for instance. It was also expanded to apply to any device, application or service that connects to the Internet and is aimed at children, including educational or classroom connected devices, hospital medical connected devices, websites, and mobile applications.

The verification process and ways of obtaining consent from parents were modernized as well. For example, a parent needs to respond to knowledge-based authentication questions and use facial recognition to get a match with a verified photo ID.

When it comes to third-party advertisers who want to advertise on a particular online service, they also have to comply with COPPA which also encompasses third-party advertising plug-ins and other features.

Right now, there are efforts to expand the reach of COPPA to teenagers as well, through the Do Not Track Kids Act which was introduced to the US Congress in March 2019. The current version of the draft requests to expand the present COPPA, which refers to children under the age of 13, to include all children and teenagers under the age of 16. Even though the bill is in its early stages, it seeks to include additional data control rights such as enabling parents and children to remove and delete personal information submitted by a child.

The fight for protecting children online continues, as there are still companies which are trying to bypass the Act.

4. Which websites suffered so far because of COPPA?

FTC imposes extensive fines on enterprises for COPPA Act violations. Some websites were fined because they were allowing children under 13 to sign up without parent’s consent. 

In 2006, some of these included: Xanga ($1 million), UMG Recordings, Inc. ($400,000), Kidswirl, Skid-e-Kids, and Imbee.

Sony Music experienced one of the biggest FTC’s fines levied against a company at that time. In 2008, Sony Music agreed to pay $1 million to settle allegations that it knowingly collected and disclosed personal information of as many as 30,000 children under the age of 13. The lawsuit alleges that, since 2004, at least 30,000 children under the age of 13 had registered on Sony’s music websites, and that Sony had “actual knowledge” that it was breaching the law.

There was another case in 2013. Path, the social networking service for mobile devices, has reached a settlement with the FTC on alleged violations of COPPA. As part of the settlement, the company had to pay a fine of $800,000 and had to remove about 3,000 accounts from the network.

Some of the latest examples of companies that had to settle allegations for violating COPPA are Oath (formerly AOL Inc.) and Musical.ly (TikTok) that agreed to pay $5 million in December 2018 and $5.7 million in February 2019 respectively.

All these fines were dwarfed by the sum of $170 million which was a fine issued to Google and its subsidiary YouTube in September 2019 for breaching the COPPA Act.

5. Is COPPA an effective approach?

While some think that the approach of the COPPA Act is not effective, we think its effectiveness relies a lot on parents. Yes, kids can actually get around the consent process by lying about their age or get bored with the process of getting consent and move to less appropriate Internet content. But, this is where parents should jump in and educate children about the importance of online safety and their role in it. It is important to be aware that there are a lot of websites that are compliant with COPPA and intended for kids under 13; those are the websites you should direct your children’s’ interest on. Some of the examples include Disney’s Club Penguin, Marimba, and Jet, and there are many more.

Got some examples of your own? Share them with other parents! And don’t forget to share them with your children first.