
Nov. 15, 2000

COPPA: A Lawyer Answers Some Basic Questions

What is COPPA? The Children's Online Privacy Protection Act (COPPA) was enacted in late 1998. COPPA prohibits a Web site operator from knowingly collecting information from children under the age of 13 unless the operator obtains parental consent and allows parents to review their children's information and restrict its further use. The Federal Trade Commission (FTC) is charged with enforcing the law, and has issued detailed regulations (see www.cdt.org/legislation/105th/privacy/coppa.html). State attorneys general may enforce COPPA as well.

Isn't this unconstitutional? Probably not. COPPA is sometimes confused with the Child Online Protection Act (COPA), which prohibited online distribution of content "harmful" to minors. At least one court has held that parts of COPA violate the First Amendment. There has yet to be a constitutional challenge to COPPA.

Who must comply with COPPA? Every operator of a commercial Web site needs to comply, either by not knowingly collecting children's personal information or by adhering to the FTC's parental notice and consent requirements and usage restrictions. COPPA particularly affects any operator whose site is directed in whole or in part towards children under 13, or who knows or suspects that it collects personal information from children under 13.

What type of information collection is regulated? COPPA regulates only the collection of personally identifying information, such as a child's name, e-mail address, or phone number. It does not apply to statistical information, such as aggregate numbers of "impressions" on a Web site, unless such information is linked to information that can personally identify the user.

How do Web sites comply with COPPA? COPPA prevents Web sites from knowingly collecting children's personal information without parental consent. A site "knowingly" collects information from children any time that the information it collects from a user reveals that the user is a child under thirteen. However, the FTC has clarified that you can't avoid "knowing" that you have collected information from children merely by not asking users their ages. The FTC and state authorities will take action against a Web site that should know that the person submitting information is under 13.

Does this mean that sites for under-13 students can no longer legally offer chat rooms, ask questions of visitors, or gather information about them? No, but to comply with COPPA, the site must first

  • get "verifiable" parental consent in a manner approved by the FTC;
  • provide parents with the ability to review their children's information and restrict its further use;
  • disclose its information collection and use practices by prominently posting a privacy statement on its Web site and near information collection points; and
  • take steps to protect the information.

Do the same rules apply to a non-commercial Web site, such as a school Web site or discussion group set up by the school for use by kids? The act applies to Web sites offered for a commercial purpose. For example, a private school operating on a for-profit basis operates its Web sites for a commercial purpose. A public school not operating for profit, however, is not subject to COPPA. The FTC nevertheless encourages nonprofits to post privacy policies and take measures to protect children who provide personal information through their Web sites.

What forms of parental consent qualify? The FTC's regulations require that consent be "verifiable." Sufficient methods include having children download a form for their parents to sign and return by fax or mail to the Web site operator, or providing a trained staff to take telephone calls to verify that it is indeed a parent providing the consent.

Consent by e-mail is allowed only if additional steps are taken to ensure that the person providing the consent is the child's parent. For the consent to be valid, the parent must also be given notice of the Web site operator's policies with respect to the use of his or her child's information (possibly by calling the parent's attention to, or providing a copy of, the operator's privacy statement).

Can a school act as an intermediary between parents and operators for purposes of granting consent? Yes. The FTC has noted that a school can provide operators with the appropriate consent on behalf of parents. For example, the school could obtain parental consent for each student at the beginning of each school year for in-school Internet access. A Web site operator is allowed to presume that consent provided by the school is based on the school having obtained this consent from parents. Prior to seeking a blanket permission statement at the beginning of each year, schools may wish to consider educating parents on classroom uses of the Internet and which educational activities require Web sites to collect personal information from children.

-Kevin J. Kuzas




