Comply or Pay

Rob Winters Blog

Sign Up Free1998 may feel like a distant memory, but one of the many laws passed that year had a major impact on online marketing. COPPA (Children’s Online Privacy Protection Act) was enacted on October 21, 1998. The Federal Trade Commission outlines COPPA as: “COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.”

As a marketer promoting a product, mobile app or professional service online it may seem unimportant to worry about COPPA. It’s easy to assume your target audience is made up of individuals over thirteen years old. This is a mistake that can result in costly FTC fines. In 2014, Yelp, the popular restaurant search and review service, paid a $450,000 fine for storing the name, location and email address of individuals who reported themselves to be under thirteen years of age. To be clear, Yelp claims most individuals are actually adults who self-reported their date of birth incorrectly, but from the hefty fine you can see the FTC doesn’t take the violation of COPPA lightly, even if it may be partially inaccurate information from the user.

What are the steps for making a website COPPA complaint?

According to the FTC there are six simple steps an organization can take to ensure they meet all regulations:

Step 1: Determine if Your Company is a Website or Online Service that Collects Personal Information from Kids Under 13.
Step 2: Post a Privacy Policy that Complies with COPPA.
Step 3: Notify Parents Directly Before Collecting Personal Information from Their Kids.
Step 4: Get Parents’ Verifiable Consent Before Collecting Information from Their Kids.
Step 5: Honor Parents’ Ongoing Rights with Respect to Information Collected from Their Kids.
Step 6: Implement Reasonable Procedures to Protect the Security of Kids’ Personal Information.

Even if you think these six steps are unnecessary or don’t apply to you:

For any website or mobile app that collects information through a form requesting name or email it is a wise decision to add a birth date field consisting of month, day and year selection. This is a step above a simple checkbox the user might click to confirm they are at least thirteen years of age. What’s the difference and why does it matter which you select for you website? The difference will be noted if you have to explain to a government official that your organization is truly COPPA compliant. A checkbox is easily described or written off as unclear, possibly even a tool of deception. If the user must individually select the month, day and year of their birth and they falsely represent themselves then the organization is better protected against fees and future lawsuits. You’ll note Facebook, which advocates children under the age of thirteen should be allowed to access the popular social network, ensures they are compliant with Federal regulations by using the drop down birth date selection depicted in the image above.

COPPA is broad in many ways that more marketers, particularly those of mobile applications, should consider. Any website or mobile app with graphics that target children are subject to COPPA compliance regulations. There are many applications for adults that use cartoon type graphics or light-hearted themes but are intended for adult consumption. If an official comes knocking at your virtual door that argument won’t stand, you need to ensure you are expressing the application is for individuals over the age of thirteen, and ensure you have practices in place to verify age and avoid storing the data for those under thirteen. The storing of data is where you’ll run into real trouble, just like our friends discovered at Yelp.

Another important thing to keep in mind after the type of graphics you utilize are the promotions you offer. A free giveaway or a raffle for an iPhone for example will surely attract a younger audience. Think about the ten-year-old who wants an iPhone and was recently told by his or her parents the phone was too expensive. It just so happens they came across your web promotion while playing on the web and enter all of their information into your contest. If age verification isn’t strictly applied here you are leaving your organization open to a potentially expensive and reputation damaging situation. No organization wants to be touted in the media as one that collects and uses children’s information. This is likely not what you intend to do with the data you collect through a promotion, but the media always needs a new villain and you’ve just walked into an easy trap.

It’s best to read through at least the summary information available on the FTC website for COPPA and the browse your website to see what forms or pages are collecting information. It can take some time to ensure an entire website is compliant, but taking small steps today will ensure a good user experience and a future free of headache from fees and lawsuits.

For Additional Information:

Federal Trade Commission. Complying with COPPA. March 20, 2015. https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions

Federal Trade Commission. Children’s Online Privacy Protection Rule (“COPPA”). August 6, 2014. https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

Brian Winters Brian Winters
VP Client Services
#InTheKnow