COPPA for Newbies

Famigo helps you understand the COPPA regulations and best practices to comply with the regulations.

Transcript of "COPPA for Newbies"

  1. How to comply with COPPA By: Gen Li
  2. Disclaimer: This is not legal advice. You must not rely on the information on this slide as an alternative to legal advice from your attorney or other professional legal services provider. If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this presentation.
  3. What is COPPA?
  4. A type of meat? A restaurant’s name? !
  5. COPPA • The Children’s Online Privacy Protection Act (COPPA) was enacted by Congress in 1998. COPPA required the Federal Trade Commission (FTC) to issue and enforce regulations concerning children’s online privacy. The FTC’s amended Rule became effective on July 1, 2013. • COPPA’s primary goal is to ensure that parents have control over what information is collected from their young children online. • The Rule only covers developers that: (1) operate mobile apps that are directed to children under 13 and collect, use or disclose personal information from children, and (2) have actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
  6. What does “personal information” include? (1) first and last name; (2) a home or other physical address including street name and name of a city or town; (3) online contact information; (4) a screen or user name that functions as online contact information; (5) a telephone number; (6) a social security number; (7) a persistent identifier; (8) a photograph, video, or audio file, where such file contains a child’s image or voice; or (9) geo-location information sufficient to identify street name and name of a city or town.
  7. If you are covered, what should you do? • Post a clear and comprehensive privacy policy • Send direct notice to parents • Obtain verifiable parental consent from parents • Provide sufficient security to collected personal information • Allow parents to review collected information
  8. Post a clear and comprehensive Privacy Policy
  9. What does “comprehensive” mean? Your privacy policy needs to include the following information: • The developer and related operators’ personal information, including: (1) name, (2) address, (3) telephone number and (4) email address. • A description of the types of information the developer collects from children, and how the developer uses the information. • A statement that parents can review or delete their children’s personal information and prevent future collection.
  10. For example:
  11. What does “clear” mean? The amended Rule requires the developer to post the privacy policy link in a clear and prominent location on the website or on the landing page. A “clear and prominent” link must stand out and be noticeable to the site’s visitors. The link is likely to be “clear and prominent” if it is in a larger font size and in all caps in a color that contrasts with the background. For example:
  12. Send a direct notice to parents
  13. What needs to be in the notice? 1. If the notice is used to obtain a parent’s verifiable consent prior to the collection of a child’s personal information, then you must: • State that you have collected the parent’s online contact information from the child, and that it is only used to obtain the parent’s consent; • State that the parent’s consent is required for the information collection; • List the personal information that is going to be collected if there is consent; • Include a hyperlink to your privacy policy; • State how the parent can grant verifiable parental consent; and • State that if the parent does not provide consent within a reasonable amount of time, then you will delete the parent’s online contact information.
  14. 2. If the notice is to provide a parent information about the child’s online activities and does not involve personal information collection, then: • State that you have collected the parent’s online contact information from the child, and that it is used to obtain the parent’s consent; • State that the parent’s online contact information will not be used or disclosed for any other purpose; • State that the parent can prevent the child from using the app and may require you to delete the online contact information, and how the parent can do so; and • Include a hyperlink to your privacy policy.
  15. • For example:
  16. How to send a notice? Based on section 312.4 (b) of the amended Rule, you must make reasonable efforts, taking into consideration the available technology, to ensure that a parent or child receives the direct notice. There is no absolute standard about what counts as a proper way to send a direct notice, and you need to make your own decision based on the available technology and information. For example:
  17. Obtain verifiable parental consent from parents
  18. Obtain verifiable parental consent from parents • Existing approved verifiable parental consent methods • Alternative “Email-plus” method
  19. Existing approved verifiable parental consent • Provide consent through mail or fax; • Provide information about a credit card or a debit card; • Call a toll-free telephone number; • Send consent via video-conference; • Check a government-issued identification.
  20. Alternative “Email-plus” method If you will only use the personal information for internal purposes, then you can use the next two steps: First, send an email to the child’s parent, and the parent can manifest his consent in the returning email. Second, after receiving the email consent, you need to either (1) make a confirmation phone call, fax or letter to the parent; or (2) send a confirmation message via the parent’s online contact information within a reasonable amount of time.
  21. Provide sufficient security to collected personal information
  22. Provide sufficient security to collected personal information • COPPA requires developers to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. • If there is an industry security standard, FOLLOW IT! For example:
  23. Allow parents to review collected information
  24. Allow parents to review collected information • Based on section 312.6 of the COPPA Rule, upon a parent’s request, the developer must grant the parent access to the collected personal information. For example:
  25. For more detailed information, please see Famigo’s “COPPA for Newbies” blog series: • http://www.famigo.com/blog/2013/09/coppa-for-newbies-your-privacy-policy/ • http://www.famigo.com/blog/2013/08/coppa-for-newbies-who-is-covered-by-this-rule/ • http://www.famigo.com/blog/?p=3653 • http://www.famigo.com/blog/2013/10/coppa-for-newbies-what-do-we-need-to-get-from-the-parents/