Kegan Blumenthal, profile picture
Uploaded byKegan Blumenthal
PPTX, PDF1,527 views

COPPA for Newbies

The document provides an overview of the Children's Online Privacy Protection Act (COPPA), detailing its purpose, which is to ensure parental control over the collection of personal information from children under 13. It outlines requirements for developers, including posting a comprehensive privacy policy, sending direct notices to parents, and obtaining verifiable parental consent. Additionally, it explains what constitutes personal information and how developers should manage security and access related to children's data.

Embed presentation

Downloaded 20 times
How to comply with COPPA By: Gen Li
Disclaimer This is not a legal advice. You must not rely on the information on this slide as an alternative to legal advice from your attorney or other professional legal services provider. If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this presentation.
What is COPPA?
A type of meat? A restaurant’s name? !
COPPA • The Children’s Online Privacy Protection Act (COPPA) was enacted by Congress in 1998. COPPA required the Federal Trade Commission (FTC) to issue and enforce regulations concerning children’s online privacy. The FTC’s amended Rule became effective on July 1, 2013. • COPPA’s primary goal is to ensure that parents have control over what information is collected from their young children online. • The Rule only covers developers that: (1) that operate mobile apps that are directed to children under 13 and collect, use or disclose personal information from children, and (2) those who have actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
What does “personal information” include? (5) a telephone number; (6) a social security number; (7) a persistent identifier; (8) a photograph, video, or audio file, where such file contains a child’s image or voice; or (9) geo-location information sufficient to identify street name and name of a city or town. (1) first and last name; (2) a home or other physical address including street name and name of a city or town; (3) online contact information; (4) a screen or user name that functions as online contact information;
If you are covered, what should you do? • Post a clear and comprehensive privacy policy • Send direct notice to parents • Obtain verifiable parental consent from parents • Provide sufficient security to collected personal information • Allow parents to review collected information
Post a clear and comprehensive Privacy Policy
What does “comprehensive” mean? Your privacy policy needs to include the following information: • The developer and related operators’ personal information. Including: (1) name, (2) address, (3) telephone number and (4) email address. • A description of the types of information the developer collects from children, and how the developer uses the information. • A statement that parents can review or delete their children’s personal information and prevent future collection.
For example:
What does “clear” mean? The amended Rule requires the developer to post the privacy policy link in a clear and prominent location on the website or on the landing page. A“clear and prominent” link must stand out and be noticeable to the site’s visitors. The link is likely to be “clear and prominent” if it is in a larger font size and in all caps in a color that contrasts with the background. For example:
Send a direct notice to parents
What needs to be in the notice? 1. If the notice is used to obtain a parent’s verifiable consent prior to the collection of a child’s personal information, then you must: • State that you have collected the parent’s online contact information from the child, and that it is only used to obtain the parent’s consent; • State that the parent’s consent is required for the information collection; • List the personal information that is going to be collected if there is consent; • Include a hyperlink to your privacy policy; • State how the parent can grant verifiable parental consent; and • State that if the parent does not provide consent within a reasonable amount of time, then you will delete the parent’s online contact information.
2. If the notice is to provide a parent information about the child’s online activities and does not involve personal information collection, then : • State that you have collected the parent’s online contact information from the child, and that it is used to obtain the parent’s consent; • State that the parent’s online contact information will not be used or disclosed for any other purpose; • State that the parent can prevent the child from using the app and may require you to delete the online contact information, and how the parent can do so, and • Include a hyperlink to your privacy policy.
• For example:
How to send a notice? Based on section 312.4 (b) of the amended Rule, you must make reasonable efforts, taking into consideration the available technology, to ensure that a parent or child receives the direct notice. There is no absolute standard about what counts as a proper way to send a direct notice, and you need to make your own decision based on the available technology and information. For example:
Obtain verifiable parental consent from parents
Obtain verifiable parental consent from parents • Existing approved verifiable parental consent methods • Alternative “Email-plus” method
Existing approved verifiable parental consent • Provide consent through mail or fax; • Provide information about a credit card or a debt card; • Call a toll-free telephone; • Send consent via video-conference; • Checking a government-issued identification.
Alternative “Email-plus” method If you will only use the personal information for internal purposes, then you can use the next two steps: First: send an email to the child’s parent, and the parent can manifest his consent in the returning email Second, after receiving the email consent, you need to either (1) make a confirmation phone call, fax or letter to the parent; or (2) send a confirmation message via the parent’s online contact information within a reasonable amount of time.
Provide sufficient security to collected personal information
Provide sufficient security to collected personal information • COPPA requires developers to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. • If there is an industry security standard, FOLLOW IT! For example:
Allow parents to review collected information
Allow parents to review collected information • Based on section 312.6 of the COPPA Rule, upon a parent’s request, the developer must grant the parent access to the collected personal information. For example:
For more detailed information, please see...... Famigo’s “COPPA for Newbies” blog series: • http://www.famigo.com/blog/2013/09/coppa-for-newbies- your-privacy-policy/ • http://www.famigo.com/blog/2013/08/coppa-for-newbies- who-is-covered-by-this-rule/ • http://www.famigo.com/blog/?p=3653 • http://www.famigo.com/blog/2013/10/coppa-for-newbies- what-do-we-need-to-get-from-the-parents/

More Related Content

PDF
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
by- Mark - Fullbright
 
PDF
Medical billing procedures manual
byKuldeep Rawat
 
PPTX
Managing payment posting in eclinicalworks
byPracticeBridge
 
PPTX
COPPA
byculturewins
 
PDF
10 Step Guide to COPPA Compliance
byKegan Blumenthal
 
PPT
COPPA and Over 13 Age Restrictions
byMark Moran
 
PDF
Business COPPA 6 Steps
by- Mark - Fullbright
 
PDF
The FTC’s Revised COPPA Rules (Stanford Presentation)
byWilmerHale
 
Children’s Online Privacy Protection Rule- A Six-Step Compliance Plan for You...
by- Mark - Fullbright
 
Medical billing procedures manual
byKuldeep Rawat
 
Managing payment posting in eclinicalworks
byPracticeBridge
 
COPPA
byculturewins
 
10 Step Guide to COPPA Compliance
byKegan Blumenthal
 
COPPA and Over 13 Age Restrictions
byMark Moran
 
Business COPPA 6 Steps
by- Mark - Fullbright
 
The FTC’s Revised COPPA Rules (Stanford Presentation)
byWilmerHale
 

Similar to COPPA for Newbies

PPTX
Coppa overview
bychstokes
 
PPTX
Legislation That Internet Marketers Need to Know
byKaley Perkins, MA
 
PPTX
COPPA
byrburggraaf
 
PDF
Children online privacy & protection
byMansi Kandari
 
PDF
Shai samet
by500 Startups
 
PPT
COPPA Compliance
byKegan Blumenthal
 
PDF
parent_teacher_tutorial
bytutorialsruby
 
PDF
parent_teacher_tutorial
bytutorialsruby
 
PPTX
ISBA Privacy CLE “special areas”
byAdler Law Group
 
PDF
Children's Online Privacy Protection Rule
by- Mark - Fullbright
 
PDF
Children Online Privacy Komal Bansal
byKomal Bansal
 
PPTX
Social media marketing presentation
byVenicha Baker
 
PDF
Respecting Children's Privacy Rights – All You Should Know.pdf
byjulienester
 
PPTX
Privacy rules
byjendecook
 
PPTX
Privacy rules
byGNBCEC
 
PPT
Online Social Networking 101: Monitoring Your Child's Cyber Playground
byStephanie Barnhart
 
PPTX
Privacy and protection of children in relation raudhat
byRaudhat-Rahma Shittu-Agbetola
 
PDF
Children’s Online Privacy Protection
byDailyHostNews
 
PDF
Children's Online Privacy and Rights
bynpetten
 
PPT
Hurd, lindse slide share presentation
bylhurd01
 
Coppa overview
bychstokes
 
Legislation That Internet Marketers Need to Know
byKaley Perkins, MA
 
COPPA
byrburggraaf
 
Children online privacy & protection
byMansi Kandari
 
Shai samet
by500 Startups
 
COPPA Compliance
byKegan Blumenthal
 
parent_teacher_tutorial
bytutorialsruby
 
parent_teacher_tutorial
bytutorialsruby
 
ISBA Privacy CLE “special areas”
byAdler Law Group
 
Children's Online Privacy Protection Rule
by- Mark - Fullbright
 
Children Online Privacy Komal Bansal
byKomal Bansal
 
Social media marketing presentation
byVenicha Baker
 
Respecting Children's Privacy Rights – All You Should Know.pdf
byjulienester
 
Privacy rules
byjendecook
 
Privacy rules
byGNBCEC
 
Online Social Networking 101: Monitoring Your Child's Cyber Playground
byStephanie Barnhart
 
Privacy and protection of children in relation raudhat
byRaudhat-Rahma Shittu-Agbetola
 
Children’s Online Privacy Protection
byDailyHostNews
 
Children's Online Privacy and Rights
bynpetten
 
Hurd, lindse slide share presentation
bylhurd01
 

Recently uploaded

PDF
Keppel Ltd. 2H & FY 2025 Results Presentation Slides
byKeppelCorporation
 
PPTX
PRELIMS for PES on world businesses.pptx
bySureshGKPESUniversit
 
PDF
Ultra Map Section I Interface Virtual.pdf
byBrij Consulting, LLC
 
PDF
On Demand Wine Delivery Apps Development
byV3CUBE TECHNOLABS
 
PPTX
QUALITY-AUDIT: ISO 9001:2015 Internal Audit Summary Report -.pptx
byAlyumaeRoseTajaleflo
 
PDF
Decoded: The Mystery of Life and the Begining of Time
byanyebepeter
 
PPTX
Myntra Seller Commission & Fees Guide | Ecommerce Account Management by Miloy...
byMiloy And Company
 
PDF
Your presence tells your story in real time
byPatrice Bisiot
 
PDF
ICv2 White Paper - Navigating the New World of Comics
byDennisViau
 
PDF
sse-engineer-questions-answers-only1.pdf
bydeajhds
 
DOCX
Buy Old Gmail Accounts – Academic & Professional Guide 2026.docx
byBuy iCloud Email Accounts
 
PDF
Jay Bhaumik Plano - Skilled In Business Strategy, And Investment
byJay Bhaumik Plano
 
PPTX
Sewage Treatment Plant in Chennai | Best STP Plant Manufacturers in Tamilnad...
byKemproPumps
 
PDF
Professional Profile of Micky Ahuja | CEO of MA Services Group Australia
byMicky Ahuja
 
PDF
KASIM SEN: The Silent Weapon: The Strategic Role of PMOs in Defense (EN)
byLviv Startup Club
 
PPTX
Effluent Treatment Plant Companies in Chennai | Effluent Treatment Plant Manu...
byKemproPumps
 
PDF
ISACA CISM and CISA - Case Study for BCP
byJS
 
PDF
Precision Agriculture 2026: Using Drones for Targeted Insecticide and Herbici...
byDhanuka Agritech Limited
 
PPTX
Retail - Management _ Chapter - 3 . pptx
byChristineJoySebuano
 
PPTX
Retail Location and Site Selection .pptx
byChristineJoySebuano
 
Keppel Ltd. 2H & FY 2025 Results Presentation Slides
byKeppelCorporation
 
PRELIMS for PES on world businesses.pptx
bySureshGKPESUniversit
 
Ultra Map Section I Interface Virtual.pdf
byBrij Consulting, LLC
 
On Demand Wine Delivery Apps Development
byV3CUBE TECHNOLABS
 
QUALITY-AUDIT: ISO 9001:2015 Internal Audit Summary Report -.pptx
byAlyumaeRoseTajaleflo
 
Decoded: The Mystery of Life and the Begining of Time
byanyebepeter
 
Myntra Seller Commission & Fees Guide | Ecommerce Account Management by Miloy...
byMiloy And Company
 
Your presence tells your story in real time
byPatrice Bisiot
 
ICv2 White Paper - Navigating the New World of Comics
byDennisViau
 
sse-engineer-questions-answers-only1.pdf
bydeajhds
 
Buy Old Gmail Accounts – Academic & Professional Guide 2026.docx
byBuy iCloud Email Accounts
 
Jay Bhaumik Plano - Skilled In Business Strategy, And Investment
byJay Bhaumik Plano
 
Sewage Treatment Plant in Chennai | Best STP Plant Manufacturers in Tamilnad...
byKemproPumps
 
Professional Profile of Micky Ahuja | CEO of MA Services Group Australia
byMicky Ahuja
 
KASIM SEN: The Silent Weapon: The Strategic Role of PMOs in Defense (EN)
byLviv Startup Club
 
Effluent Treatment Plant Companies in Chennai | Effluent Treatment Plant Manu...
byKemproPumps
 
ISACA CISM and CISA - Case Study for BCP
byJS
 
Precision Agriculture 2026: Using Drones for Targeted Insecticide and Herbici...
byDhanuka Agritech Limited
 
Retail - Management _ Chapter - 3 . pptx
byChristineJoySebuano
 
Retail Location and Site Selection .pptx
byChristineJoySebuano
 

COPPA for Newbies

  • 1.
    How to complywith COPPA By: Gen Li
  • 2.
    Disclaimer This is nota legal advice. You must not rely on the information on this slide as an alternative to legal advice from your attorney or other professional legal services provider. If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this presentation.
  • 3.
  • 4.
    A type ofmeat? A restaurant’s name? !
  • 5.
    COPPA • The Children’sOnline Privacy Protection Act (COPPA) was enacted by Congress in 1998. COPPA required the Federal Trade Commission (FTC) to issue and enforce regulations concerning children’s online privacy. The FTC’s amended Rule became effective on July 1, 2013. • COPPA’s primary goal is to ensure that parents have control over what information is collected from their young children online. • The Rule only covers developers that: (1) that operate mobile apps that are directed to children under 13 and collect, use or disclose personal information from children, and (2) those who have actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
  • 6.
    What does “personalinformation” include? (5) a telephone number; (6) a social security number; (7) a persistent identifier; (8) a photograph, video, or audio file, where such file contains a child’s image or voice; or (9) geo-location information sufficient to identify street name and name of a city or town. (1) first and last name; (2) a home or other physical address including street name and name of a city or town; (3) online contact information; (4) a screen or user name that functions as online contact information;
  • 7.
    If you arecovered, what should you do? • Post a clear and comprehensive privacy policy • Send direct notice to parents • Obtain verifiable parental consent from parents • Provide sufficient security to collected personal information • Allow parents to review collected information
  • 8.
    Post a clearand comprehensive Privacy Policy
  • 9.
    What does “comprehensive”mean? Your privacy policy needs to include the following information: • The developer and related operators’ personal information. Including: (1) name, (2) address, (3) telephone number and (4) email address. • A description of the types of information the developer collects from children, and how the developer uses the information. • A statement that parents can review or delete their children’s personal information and prevent future collection.
  • 10.
  • 11.
    What does “clear”mean? The amended Rule requires the developer to post the privacy policy link in a clear and prominent location on the website or on the landing page. A“clear and prominent” link must stand out and be noticeable to the site’s visitors. The link is likely to be “clear and prominent” if it is in a larger font size and in all caps in a color that contrasts with the background. For example:
  • 12.
    Send a directnotice to parents
  • 13.
    What needs tobe in the notice? 1. If the notice is used to obtain a parent’s verifiable consent prior to the collection of a child’s personal information, then you must: • State that you have collected the parent’s online contact information from the child, and that it is only used to obtain the parent’s consent; • State that the parent’s consent is required for the information collection; • List the personal information that is going to be collected if there is consent; • Include a hyperlink to your privacy policy; • State how the parent can grant verifiable parental consent; and • State that if the parent does not provide consent within a reasonable amount of time, then you will delete the parent’s online contact information.
  • 14.
    2. If thenotice is to provide a parent information about the child’s online activities and does not involve personal information collection, then : • State that you have collected the parent’s online contact information from the child, and that it is used to obtain the parent’s consent; • State that the parent’s online contact information will not be used or disclosed for any other purpose; • State that the parent can prevent the child from using the app and may require you to delete the online contact information, and how the parent can do so, and • Include a hyperlink to your privacy policy.
  • 15.
  • 16.
    How to senda notice? Based on section 312.4 (b) of the amended Rule, you must make reasonable efforts, taking into consideration the available technology, to ensure that a parent or child receives the direct notice. There is no absolute standard about what counts as a proper way to send a direct notice, and you need to make your own decision based on the available technology and information. For example:
  • 17.
    Obtain verifiable parentalconsent from parents
  • 18.
    Obtain verifiable parentalconsent from parents • Existing approved verifiable parental consent methods • Alternative “Email-plus” method
  • 19.
    Existing approved verifiableparental consent • Provide consent through mail or fax; • Provide information about a credit card or a debt card; • Call a toll-free telephone; • Send consent via video-conference; • Checking a government-issued identification.
  • 20.
    Alternative “Email-plus” method Ifyou will only use the personal information for internal purposes, then you can use the next two steps: First: send an email to the child’s parent, and the parent can manifest his consent in the returning email Second, after receiving the email consent, you need to either (1) make a confirmation phone call, fax or letter to the parent; or (2) send a confirmation message via the parent’s online contact information within a reasonable amount of time.
  • 21.
    Provide sufficient securityto collected personal information
  • 22.
    Provide sufficient securityto collected personal information • COPPA requires developers to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. • If there is an industry security standard, FOLLOW IT! For example:
  • 23.
    Allow parents toreview collected information
  • 24.
    Allow parents toreview collected information • Based on section 312.6 of the COPPA Rule, upon a parent’s request, the developer must grant the parent access to the collected personal information. For example:
  • 25.
    For more detailedinformation, please see...... Famigo’s “COPPA for Newbies” blog series: • http://www.famigo.com/blog/2013/09/coppa-for-newbies- your-privacy-policy/ • http://www.famigo.com/blog/2013/08/coppa-for-newbies- who-is-covered-by-this-rule/ • http://www.famigo.com/blog/?p=3653 • http://www.famigo.com/blog/2013/10/coppa-for-newbies- what-do-we-need-to-get-from-the-parents/