Now that one-year-olds have mastered iPads, it's clear that children
will be interacting with the Internet more and more — and
at a younger age.
Back in the late 1990s, the federal government demonstrated
remarkable prescience about this technological shift and created
strict rules that govern the information websites collect on
underage users. It's because of that law, the Children's Online Privacy Protection Act
(COPPA), that so many sweepstakes and contests exclude children
under the age of 13.
COPPA went into effect in April 2000. The law is designed to
give parents control over the information that is collected online
from their children. However, the rule applies only to children who
are under the age of 13. It covers all operators of commercial
websites and online services directed at children under 13 that
"collect, use, or disclose personal information from
children." The rule also applies to operators of
general-audience websites and online services if they have actual
knowledge that they are obtaining, using or disclosing personal
information from children under 13.
The rule contains a number of specific requirements. For
example, operators covered by the rule must:
how they handle children's personal information and post this
policy on their website;
Notify parents and obtain "verifiable parental
consent" before collecting information from children, subject
to several so-called "email" exceptions that allow an
operator to obtain parents' consent via email in certain
Offer parents the option of consenting to the operator
collecting and internally using the child's information while
at the same time prohibiting the operator from disclosing their
child's information to third parties;
Allow parents to access their child's collected personal
information as well as the right to review the information and have
Give parents the opportunity to prevent the further use or
collection of their child's personal information online;
Protect the confidentiality, security, and integrity of
information collected from children under the age of 13.
COPPA also bars operators from forcing children to provide more
information than is reasonably necessary before allowing them to
participate in online activities.
The Federal Trade Commission aggressively enforces the COPPA
Rule; violators can be fined up to $11,000 per violation. In
addition, states and certain other federal agencies, such as the
Department of Transportation, have the authority to enforce COPPA
as it pertains to their jurisdictions.
Because of the complications and expense of complying with the
COPPA requirements and the risk of large fines for even an
inadvertent failure to comply, it's not surprising that many
sponsors of sweepstakes and contests decide to exclude
participation by persons under 13.
The FTC is currently in the process of amending the COPPA Rules
in an effort to keep the regulation up to-date with the
technological developments and increased usage of the Internet by
children that have occurred since 2000. The second article in this
series will discuss the FTC's proposed amendments.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In last year's BakerHostetler Incident Response Report, we reported the range of PCI DSS non-compliance fines as $5,000 – $50,000 and the per card amount of liability imposed to reimburse issuers of affected cards as $3-$25.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS).
The idea of cybersecurity may be foreign—or even frightening—to many attorneys. However, as evidenced in Part One of this series ("Cybersecurity: You Can't Afford to Ignore It Anymore," April 25) law firms appear to be the next great target for hackers. In light of that, as a risk management prevention tool, attorneys and firms need to be aware of how to protect themselves.
The academic and legal communities have long struggled with the notion of what constitutes a privacy injury giving rise to some right to legal protection – whether via legislation or regulation, or through the courts.
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).