SlideShare a Scribd company logo

COPPA

Download as PPTX, PDF
culturewins
culturewins

An introduction for the online marketer

TechnologyHealth & Medicine
1 of 49
COPPA Legal Compliance and Restrictions. An introduction for the online marketer Not to be considered legal advice. Please consult your legal counsel for further details.
I ANAL
IAmNotALawyer
Definitions COPPA. Child Online Privacy Protection Act COPPR. Child Online Privacy Protection Rule COPA. Child Online Protection Act
Definitions The primary goal of COPPA and the Rule is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
What do we have to do?
Post a clear and comprehensive privacy policy on the website describing their information practices for children’s personal information; 1.
Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children; 2.
Giving parents the option to consent to the collection and internal use of their children's personal information without consenting to the disclosure of that information to third parties; 3.
Provide parents access to their child’s personal information to review and/or have the information deleted; 4.
Give parents the opportunity to prevent further use or online collection of a child’s personal information; 5.
Maintain the confidentiality, security, and integrity of information they collect from children. 6.
1. Privacy Policy Post a privacy policy on the homepage of the website and link to the privacy policy everywhere personal information is collected. The Rule requires that a link to the privacy policy be posted clearly and prominently on your home page and at each area where personal information is collected. 16 C.F.R. § 312.4(b).
1. Privacy Policy Information that counts as “personal”. a first and last name; a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number;s (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.
1. Privacy Policy The PP must include name, address, telephone number, and email address of each operator collecting or maintaining personal information from children through your site; the types of personal information collected from children and whether it is collected actively or passively; how such personal information is or may be used; whether such personal information is disclosed to third parties. 16 C.F.R. § 312.4(b)(2).
1. Privacy Policy “Cookies,” “GUIDs,” “IP addresses,” or other passive information collection means must be included if they are tied to personally identifiable information. 16 C.F.R. § 312.2.
2. Direct Notice We need consent from parents of children under 13. There are two levels of consent required. One for PII that will be used with third parties or systems that make the information available to people outside of the website operators and another level for internal website operators.
2. Direct Notice Approved methods to gain consent from parents for usage of PII with third parties: Provide a form for the parent to print, fill out, sign, and mail or fax back to you (the “print-and-send” method); Require the parent to use a credit card in connection with a transaction (which could consist of a membership or subscription fee, a purchase, or a charge to cover the cost of processing the credit card). Maintain a toll-free telephone number staffed by trained personnel for parents to call in their consent; Obtain consent through an email from the parent, if that email contains a digital signature, or other digital certificate that uses public key technology obtained through one of the above methods.
2. Direct Notice Approved methods to gain consent from parents for usage of PII for Internal usage - “Email plus”: Requesting in your initial email seeking consent that the parent include a phone or fax number or mailing address in the reply email, so that you can follow up to confirm consent via telephone, fax, or postal mail; or After a reasonable time delay, sending another email to the parent to confirm consent. In this confirmatory email, you should include all the original information contained in the direct notice, inform the parent that he or she can revoke the consent, and inform the parent how to revoke the consent.
3. Scope of consent Approval for collection of PII for internal use should not automatically include or imply approval for external usage. “An operator is prohibited from conditioning a child’s participation in a game, the offering of a prize, or another activity on the child’s disclosing more information than is reasonably necessary to participate in such activity.”. Section 312.7
4. Access of data Access should be on demand but the operator is not liable for keeping all records that have been created. If data has been deleted the operator is not in breach of the CFR. The format of the data isn’t specified by the act.
5. Revocation of Permissions Parents can revoke their children's participation and the site operator is responsible for baring the child from their site using reasonable measures.
6. Data Retention Policy Web site data owners must take reasonable precautions to secure the data of minors using their service.
Exceptions There are sui generis exceptions to the CFR requirements for site operators.
Silver bullets We can request an email address for notification of a competition entry or content personalization. If contact needs to be made more than once or another piece of unique information needs to be paired with the email address standard Direct Notice procedure must be enforced.
Silver bullets Communication without direct notice can be conducted for the purpose of: ,[object Object]
One time support request and the email address is deleted immediately
If the safety of the individual is at risk
If the security of the site is at risk,[object Object]
Avoiding COPPA? Offer activities that do not require the collection or disclosure of personal information; Use screen names or other anonymous techniques to personalize the site; Limit the amount of personal information collected
Gotchas “Keep in mind that "COPPA compliant" does not only apply to websites that are intended for audiences under 13 years of age. All websites are required to have in place mechanisms for dealing with users who are known to be minors.” –Sol Irvine, Partner at Yuson & Irvine
Gotchas “This isn’t don’t ask-don’t tell. If incompliant data is there: delete it” –Anonymous
Gotchas Age gates should not “lead” the user to inputting their age as older than 13. Even if they are older. The site should provide a neutral approach where a visitor input’s their year of birth rather than hitting a check box that they are older than 13.
Gotchas Look at OpenID for managed Direct Notice consent. http://openidforkids.com/
Gotchas The IAB and DMA are lobbying for amendments of the COPPA act to allow ad servers more behavioral targeting privileges for kids thanks to Illinois’ Bobby Rush. “[…] the requirement to obtain verifiable consent from parents may also have impacted the ability of our members to provide innovative offerings to children.”
Gotchas The IAB and DMA are lobbying for amendments of the COPPA act to allow ad servers more behavioral targeting privileges for kids thanks to Illinois’ Bobby Rush. “[…] the requirement to obtain verifiable consent from parents may also have impacted the ability of our members to provide innovative offerings to children.”
Gotchas “These ad networks have no way of knowing whether a website is being accessed by a child under the age of 13 or an adult, since such ad networks are not the website operator. If the definition of ‘personal information’ were expanded to include anonymous data obtained through behavioral advertising, third parties would be forced to collect individually identifiable information about the user in order to effectuate the verifiable parental consent notice requirements.”
Gotchas “Unlike their predecessors from over a decade ago, today’s teenagers are what are known as “digital natives” – people for whom digital technologies such as computers, the Internet, and mobile phones have always been available.” Michael Zaneis Vice President of Public Policy Interactive Advertising Bureau
Gotchas CLEAR Ad Notice Technical Specifications
Gotchas
Gotchas What’s a website? (i) a home page of a website; (ii) a pen pal service; (iii) an electronic mail service; (iv) a message board; or (v) a chat room.
Examples of good policies http://www.clubpenguin.com/terms.htm http://www.nick.com/info/privacy-policy.html http://www.neopets.com/privacy.phtml
Examples of what can go wrong
Xanga “You must check the box below to certify that you are at least 13 years old” Other bio fields of the users profile contained birth dates younger than 13. 2006.
Lil’ Romeo Defendant has not disclosed it’s information practices including what information it has already collected from child and it’s intended uses of such information. Automatically registered parents consent on privacy policy click through. 2002
Toysmart “Personal information, voluntarily submitted by visitors to our site, such as name, address, billing information and shopping preferences, is never shared with a third party. When you register with toysmart.com, you can rest assured that your information will never be shared with a third party.” They sold it. 2001.
Toysmart Children who entered dates of both indicating that they were under 13 years old were freely available to register on Sony Music’s websites; they were neither restricted from participating, nor did Sony Music use cookies to assure that any restriction persisted. 2000
Imbee “The web's first and premier social networking 'mega-platform' for kids between the ages of 8 - 14. It's a cool, safe and fun environment: […]” The direct notice emailed to parents failed to disclose that imbee.com already had a collected a child’s full name, DOB, child's email address, gender and a username and password prior to sending the notice to parents. 2008
Hershey’s Hershey’s Candy of the month club provided a parents consent form for participation to collect private information. At the bottom of the form there was a box labeled “Click here to consent” which took the visitor directly to the reg form. No measures to review collected data. 2000

Recommended

Traditional shopping vs online shopping
Traditional shopping vs online shopping Traditional shopping vs online shopping
Traditional shopping vs online shopping Syaff Hk
 
2019 04-17 10 steps to ccpa compliance
2019 04-17 10 steps to ccpa compliance2019 04-17 10 steps to ccpa compliance
2019 04-17 10 steps to ccpa complianceTrustArc
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)Ms. Parasmani Jangid
 
Telemedicine
TelemedicineTelemedicine
TelemedicineRajani17
 
Upholding confidentiality
Upholding confidentialityUpholding confidentiality
Upholding confidentialityTheresa Tapley
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber lawsmulikaa
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and SecurityAnuMarySunny
 

Recommended

Traditional shopping vs online shopping
Traditional shopping vs online shopping Traditional shopping vs online shopping
Traditional shopping vs online shopping Syaff Hk
 
2019 04-17 10 steps to ccpa compliance
2019 04-17 10 steps to ccpa compliance2019 04-17 10 steps to ccpa compliance
2019 04-17 10 steps to ccpa complianceTrustArc
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)Ms. Parasmani Jangid
 
Telemedicine
TelemedicineTelemedicine
TelemedicineRajani17
 
Upholding confidentiality
Upholding confidentialityUpholding confidentiality
Upholding confidentialityTheresa Tapley
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber lawsmulikaa
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and SecurityAnuMarySunny
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 
Cybercrime the emerging threat
Cybercrime the emerging threatCybercrime the emerging threat
Cybercrime the emerging threatANKUR BAROT
 
Cyber law2
Cyber law2Cyber law2
Cyber law2Setu Joshi
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdfPriyanka Aash
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
Internet Fraud
Internet FraudInternet Fraud
Internet FraudVasundhara Singh Gautam
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeDarshan Vithani
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data ProtectionDirectorate of Information Security | Ditjen Aptika
 
E Commerce: Its role and development
E Commerce: Its role and developmentE Commerce: Its role and development
E Commerce: Its role and developmentAnubha Rastogi
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in MalaysiaMSC Malaysia Cybercentre @ Bangsar South City
 
Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsDr. Prashant Vats
 
Telehealth ppt 27.12.2020
Telehealth ppt 27.12.2020Telehealth ppt 27.12.2020
Telehealth ppt 27.12.2020Shazia Iqbal
 
Electronic payment system(EPS)
Electronic payment system(EPS)Electronic payment system(EPS)
Electronic payment system(EPS)rahul kundu
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Digital Identity
Digital Identity Digital Identity
Digital Identity SanjaySharma1059
 
Cyberspace
CyberspaceCyberspace
CyberspaceUtchi
 
What is fraud
What is fraudWhat is fraud
What is fraudfraudwatch
 
Cyber ethics
Cyber ethicsCyber ethics
Cyber ethicsPreet Hanspal
 
Social media privacy issues
Social media privacy issuesSocial media privacy issues
Social media privacy issuesNousheen Arshad
 
COPPA for Newbies
COPPA for NewbiesCOPPA for Newbies
COPPA for NewbiesKegan Blumenthal
 
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...- Mark - Fullbright
 

More Related Content

What's hot

Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 
Cybercrime the emerging threat
Cybercrime the emerging threatCybercrime the emerging threat
Cybercrime the emerging threatANKUR BAROT
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
E Commerce: Its role and development
E Commerce: Its role and developmentE Commerce: Its role and development
E Commerce: Its role and developmentAnubha Rastogi
 
Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsDr. Prashant Vats
 
Telehealth ppt 27.12.2020
Telehealth ppt 27.12.2020Telehealth ppt 27.12.2020
Telehealth ppt 27.12.2020Shazia Iqbal
 
Electronic payment system(EPS)
Electronic payment system(EPS)Electronic payment system(EPS)
Electronic payment system(EPS)rahul kundu
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Cyberspace
CyberspaceCyberspace
CyberspaceUtchi
 
Social media privacy issues
Social media privacy issuesSocial media privacy issues
Social media privacy issuesNousheen Arshad
 

What's hot (20)

Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commerce
 
Cybercrime the emerging threat
Cybercrime the emerging threatCybercrime the emerging threat
Cybercrime the emerging threat
 
Cyber law2
Cyber law2Cyber law2
Cyber law2
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
 
E Commerce: Its role and development
E Commerce: Its role and developmentE Commerce: Its role and development
E Commerce: Its role and development
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime Investigations
 
Telehealth ppt 27.12.2020
Telehealth ppt 27.12.2020Telehealth ppt 27.12.2020
Telehealth ppt 27.12.2020
 
Electronic payment system(EPS)
Electronic payment system(EPS)Electronic payment system(EPS)
Electronic payment system(EPS)
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
 
Digital Identity
Digital Identity Digital Identity
Digital Identity
 
Cyberspace
CyberspaceCyberspace
Cyberspace
 
What is fraud
What is fraudWhat is fraud
What is fraud
 
Cyber ethics
Cyber ethicsCyber ethics
Cyber ethics
 
Social media privacy issues
Social media privacy issuesSocial media privacy issues
Social media privacy issues
 

Similar to COPPA

Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...- Mark - Fullbright
 
Legislation That Internet Marketers Need to Know
Legislation That Internet Marketers Need to KnowLegislation That Internet Marketers Need to Know
Legislation That Internet Marketers Need to KnowKaley Perkins, MA
 
The FTC’s Revised COPPA Rules (Stanford Presentation)
The FTC’s Revised COPPA Rules (Stanford Presentation)The FTC’s Revised COPPA Rules (Stanford Presentation)
The FTC’s Revised COPPA Rules (Stanford Presentation)WilmerHale
 
Children Online Privacy Komal Bansal
Children Online Privacy Komal BansalChildren Online Privacy Komal Bansal
Children Online Privacy Komal BansalKomal Bansal
 
Social media marketing presentation
Social media marketing presentation Social media marketing presentation
Social media marketing presentation Venicha Baker
 
Privacy and Civil Liberties
Privacy and Civil LibertiesPrivacy and Civil Liberties
Privacy and Civil LibertiesUpekha Vandebona
 
Safeguarding Your Child's Future
Safeguarding Your Child's FutureSafeguarding Your Child's Future
Safeguarding Your Child's Future- Mark - Fullbright
 
PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011Kimberly Verska
 
Avoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingAvoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingTokusoudeka
 
Navigating Privacy And Spam Compliance In Social Media Advertising
Navigating Privacy And Spam Compliance In Social Media AdvertisingNavigating Privacy And Spam Compliance In Social Media Advertising
Navigating Privacy And Spam Compliance In Social Media Advertisingeldercomlaw
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteSilverTech
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommerceNow Dentons
 

Similar to COPPA (20)

COPPA for Newbies
COPPA for NewbiesCOPPA for Newbies
COPPA for Newbies
 
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
 
Business COPPA 6 Steps
Business COPPA 6 StepsBusiness COPPA 6 Steps
Business COPPA 6 Steps
 
Legislation That Internet Marketers Need to Know
Legislation That Internet Marketers Need to KnowLegislation That Internet Marketers Need to Know
Legislation That Internet Marketers Need to Know
 
The FTC’s Revised COPPA Rules (Stanford Presentation)
The FTC’s Revised COPPA Rules (Stanford Presentation)The FTC’s Revised COPPA Rules (Stanford Presentation)
The FTC’s Revised COPPA Rules (Stanford Presentation)
 
Children Online Privacy Komal Bansal
Children Online Privacy Komal BansalChildren Online Privacy Komal Bansal
Children Online Privacy Komal Bansal
 
Social media marketing presentation
Social media marketing presentation Social media marketing presentation
Social media marketing presentation
 
Fundraising On The Internet
Fundraising On The InternetFundraising On The Internet
Fundraising On The Internet
 
Dpl november colombia
Dpl november colombiaDpl november colombia
Dpl november colombia
 
Privacy and Civil Liberties
Privacy and Civil LibertiesPrivacy and Civil Liberties
Privacy and Civil Liberties
 
Safeguarding Your Child's Future
Safeguarding Your Child's FutureSafeguarding Your Child's Future
Safeguarding Your Child's Future
 
PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011
 
Avoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingAvoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in Marketing
 
Navigating Privacy And Spam Compliance In Social Media Advertising
Navigating Privacy And Spam Compliance In Social Media AdvertisingNavigating Privacy And Spam Compliance In Social Media Advertising
Navigating Privacy And Spam Compliance In Social Media Advertising
 
How to not strike out with the CCPA
How to not strike out with the CCPAHow to not strike out with the CCPA
How to not strike out with the CCPA
 
Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the Law
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-Commerce
 
Shai samet
Shai sametShai samet
Shai samet
 
Privacy Policy
Privacy PolicyPrivacy Policy
Privacy Policy
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

COPPA

  • 1. COPPA Legal Compliance and Restrictions. An introduction for the online marketer Not to be considered legal advice. Please consult your legal counsel for further details.
  • 4. Definitions COPPA. Child Online Privacy Protection Act COPPR. Child Online Privacy Protection Rule COPA. Child Online Protection Act
  • 5. Definitions The primary goal of COPPA and the Rule is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
  • 6. What do we have to do?
  • 7. Post a clear and comprehensive privacy policy on the website describing their information practices for children’s personal information; 1.
  • 8. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children; 2.
  • 9. Giving parents the option to consent to the collection and internal use of their children's personal information without consenting to the disclosure of that information to third parties; 3.
  • 10. Provide parents access to their child’s personal information to review and/or have the information deleted; 4.
  • 11. Give parents the opportunity to prevent further use or online collection of a child’s personal information; 5.
  • 12. Maintain the confidentiality, security, and integrity of information they collect from children. 6.
  • 13. 1. Privacy Policy Post a privacy policy on the homepage of the website and link to the privacy policy everywhere personal information is collected. The Rule requires that a link to the privacy policy be posted clearly and prominently on your home page and at each area where personal information is collected. 16 C.F.R. § 312.4(b).
  • 14. 1. Privacy Policy Information that counts as “personal”. a first and last name; a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number;s (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.
  • 15. 1. Privacy Policy The PP must include name, address, telephone number, and email address of each operator collecting or maintaining personal information from children through your site; the types of personal information collected from children and whether it is collected actively or passively; how such personal information is or may be used; whether such personal information is disclosed to third parties. 16 C.F.R. § 312.4(b)(2).
  • 16. 1. Privacy Policy “Cookies,” “GUIDs,” “IP addresses,” or other passive information collection means must be included if they are tied to personally identifiable information. 16 C.F.R. § 312.2.
  • 17. 2. Direct Notice We need consent from parents of children under 13. There are two levels of consent required. One for PII that will be used with third parties or systems that make the information available to people outside of the website operators and another level for internal website operators.
  • 18. 2. Direct Notice Approved methods to gain consent from parents for usage of PII with third parties: Provide a form for the parent to print, fill out, sign, and mail or fax back to you (the “print-and-send” method); Require the parent to use a credit card in connection with a transaction (which could consist of a membership or subscription fee, a purchase, or a charge to cover the cost of processing the credit card). Maintain a toll-free telephone number staffed by trained personnel for parents to call in their consent; Obtain consent through an email from the parent, if that email contains a digital signature, or other digital certificate that uses public key technology obtained through one of the above methods.
  • 19. 2. Direct Notice Approved methods to gain consent from parents for usage of PII for Internal usage - “Email plus”: Requesting in your initial email seeking consent that the parent include a phone or fax number or mailing address in the reply email, so that you can follow up to confirm consent via telephone, fax, or postal mail; or After a reasonable time delay, sending another email to the parent to confirm consent. In this confirmatory email, you should include all the original information contained in the direct notice, inform the parent that he or she can revoke the consent, and inform the parent how to revoke the consent.
  • 20. 3. Scope of consent Approval for collection of PII for internal use should not automatically include or imply approval for external usage. “An operator is prohibited from conditioning a child’s participation in a game, the offering of a prize, or another activity on the child’s disclosing more information than is reasonably necessary to participate in such activity.”. Section 312.7
  • 21. 4. Access of data Access should be on demand but the operator is not liable for keeping all records that have been created. If data has been deleted the operator is not in breach of the CFR. The format of the data isn’t specified by the act.
  • 22. 5. Revocation of Permissions Parents can revoke their children's participation and the site operator is responsible for baring the child from their site using reasonable measures.
  • 23. 6. Data Retention Policy Web site data owners must take reasonable precautions to secure the data of minors using their service.
  • 24. Exceptions There are sui generis exceptions to the CFR requirements for site operators.
  • 25. Silver bullets We can request an email address for notification of a competition entry or content personalization. If contact needs to be made more than once or another piece of unique information needs to be paired with the email address standard Direct Notice procedure must be enforced.
  • 26.
  • 27. One time support request and the email address is deleted immediately
  • 28. If the safety of the individual is at risk
  • 29.
  • 30. Avoiding COPPA? Offer activities that do not require the collection or disclosure of personal information; Use screen names or other anonymous techniques to personalize the site; Limit the amount of personal information collected
  • 31. Gotchas “Keep in mind that "COPPA compliant" does not only apply to websites that are intended for audiences under 13 years of age. All websites are required to have in place mechanisms for dealing with users who are known to be minors.” –Sol Irvine, Partner at Yuson & Irvine
  • 32. Gotchas “This isn’t don’t ask-don’t tell. If incompliant data is there: delete it” –Anonymous
  • 33. Gotchas Age gates should not “lead” the user to inputting their age as older than 13. Even if they are older. The site should provide a neutral approach where a visitor input’s their year of birth rather than hitting a check box that they are older than 13.
  • 34. Gotchas Look at OpenID for managed Direct Notice consent. http://openidforkids.com/
  • 35. Gotchas The IAB and DMA are lobbying for amendments of the COPPA act to allow ad servers more behavioral targeting privileges for kids thanks to Illinois’ Bobby Rush. “[…] the requirement to obtain verifiable consent from parents may also have impacted the ability of our members to provide innovative offerings to children.”
  • 36. Gotchas The IAB and DMA are lobbying for amendments of the COPPA act to allow ad servers more behavioral targeting privileges for kids thanks to Illinois’ Bobby Rush. “[…] the requirement to obtain verifiable consent from parents may also have impacted the ability of our members to provide innovative offerings to children.”
  • 37. Gotchas “These ad networks have no way of knowing whether a website is being accessed by a child under the age of 13 or an adult, since such ad networks are not the website operator. If the definition of ‘personal information’ were expanded to include anonymous data obtained through behavioral advertising, third parties would be forced to collect individually identifiable information about the user in order to effectuate the verifiable parental consent notice requirements.”
  • 38. Gotchas “Unlike their predecessors from over a decade ago, today’s teenagers are what are known as “digital natives” – people for whom digital technologies such as computers, the Internet, and mobile phones have always been available.” Michael Zaneis Vice President of Public Policy Interactive Advertising Bureau
  • 39. Gotchas CLEAR Ad Notice Technical Specifications
  • 41. Gotchas What’s a website? (i) a home page of a website; (ii) a pen pal service; (iii) an electronic mail service; (iv) a message board; or (v) a chat room.
  • 42. Examples of good policies http://www.clubpenguin.com/terms.htm http://www.nick.com/info/privacy-policy.html http://www.neopets.com/privacy.phtml
  • 43. Examples of what can go wrong
  • 44. Xanga “You must check the box below to certify that you are at least 13 years old” Other bio fields of the users profile contained birth dates younger than 13. 2006.
  • 45. Lil’ Romeo Defendant has not disclosed it’s information practices including what information it has already collected from child and it’s intended uses of such information. Automatically registered parents consent on privacy policy click through. 2002
  • 46. Toysmart “Personal information, voluntarily submitted by visitors to our site, such as name, address, billing information and shopping preferences, is never shared with a third party. When you register with toysmart.com, you can rest assured that your information will never be shared with a third party.” They sold it. 2001.
  • 47. Toysmart Children who entered dates of both indicating that they were under 13 years old were freely available to register on Sony Music’s websites; they were neither restricted from participating, nor did Sony Music use cookies to assure that any restriction persisted. 2000
  • 48. Imbee “The web's first and premier social networking 'mega-platform' for kids between the ages of 8 - 14. It's a cool, safe and fun environment: […]” The direct notice emailed to parents failed to disclose that imbee.com already had a collected a child’s full name, DOB, child's email address, gender and a username and password prior to sending the notice to parents. 2008
  • 49. Hershey’s Hershey’s Candy of the month club provided a parents consent form for participation to collect private information. At the bottom of the form there was a box labeled “Click here to consent” which took the visitor directly to the reg form. No measures to review collected data. 2000
  • 50. FTC contact 1-(877) FTC-HELP - General enquires (202) 326-3140 - Specific enquires
  • 51. Appendix: Research links http://www.ftc.gov/privacy/coppafaqs.shtm http://business.ftc.gov/privacy-and-security/children%E2%80%99s-online-privacy http://business.ftc.gov/documents/bus45-how-comply-childrens-online-privacy-protection-rule http://www.philadelphiafed.org/bank-resources/publications/compliance-corner/2003/fourth-quarter/q4cc1_03.cfm http://www.ftc.gov/privacy/coppafaqs.shtm http://business.ftc.gov/legal-resources/30/35 http://www.zephoria.org/thoughts/archives/2010/06/10/how-coppa-fails-parents-educators-youth.html http://www.quora.com/What-are-good-examples-of-COPPA-compliant-web-sites http://blogs.wsj.com/digits/2010/09/17/understanding-the-childrens-online-privacy-protection-act/ http://www.ftc.gov/ogc/coppa1.htm http://www.slideshare.net/dsims/coppa-and-you http://www.the-dma.org/privacy/HowtoComplywithCOPPA-PDFVersion.pdf http://www.iab.net/wiki/index.php/COPPA http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCAQFjAC&url=http%3A%2F%2Fwww.iab.net%2Fmedia%2Ffile%2FAugust_Legislative_Update.docx&rct=j&q=iab%20coppa&ei=XrasTcT0MJCosQPo2-zJCQ&usg=AFQjCNERkcWncVC4Wv8tX4xyMOtrC77MgA&cad=rja http://www.advertisinglawblog.com/2010/08/ftc-in-ongoing-review-of-coppa.shtml http://www.iab.net/media/file/DC1DOCS1-%23400330-v1-Comments_-_COPPA_Rule_Review_P104503.PDF http://www.scribd.com/doc/15610373/IAB-Document-on-Best-Practices-in-Social-Advertising http://info.yahoo.com/privacy/us/yahoo/attandyahoo/adchoices.html http://www.iab.net/clear

Editor's Notes

  1. COPPA USC 6501-6508 Enacted in 1999. COPPR enacted April 21 2000 (Friday). COPA created in 1998. In March of 2007, the trial court again found that COPA was unconstitutional.
  2. Some sites simply don’t allow marketing to under 13 year olds at all. It is possible and it is permissible.
  3. Daniel Simms in Georgia
  4. Daniel Simms in Georgia
  5. Daniel Simms in Georgia
  6. Daniel Simms in Georgia
  7. Daniel Simms in Georgia
  8. Daniel Simms in Georgia
  9. Daniel Simms in Georgia
  10. Daniel Simms in Georgia
  11. $1 million costSouthern district court of NY
  12. Central district of California.
  13. Went out of business.District of Massachusetts
  14. Southern district of New York
  15. Northern district of California. Oakland.
  16. $80K costMiddle district court of Pennsylvania.