The Children's Online Privacy Protection Act of 1998 ( COPPA ) is a United States federal law, located at 15 USCÃ,§Ã,§Ã, 6501- 6506 (Pub.L. 105-277, 112Ã, Stat.Ã, 2681-728, enacted 21 October 1998).
The Act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under US jurisdiction of children under 13 years old. It details what website operators should include in their privacy policies, when and how to seek verifiable approval from parents or guardians, and what responsibilities the operator must take to protect the privacy and safety of children online including marketing restrictions for those under 13 years of age.
While children under 13 can provide legitimate personal information with their parental consent, many websites - especially social media sites - prohibit minors from using their services altogether because of the costs and work involved in complying with the law.
Video Children's Online Privacy Protection Act
​​â € <â €
The Federal Trade Commission (FTC) has the authority to issue regulations and enforce COPPA. Also under the terms of COPPA, the provisioning of the "safe harbor" set by the FTC is designed to encourage improved industrial self-regulation. Under this provision, industry groups and other parties may request the Commission's approval of self-regulatory guidelines to regulate compliance, so that website operators within the Commission approved program shall first be subject to the disciplinary procedures of the safe port program in place of the FTC's enforcement. As of June 2016, the FTC has approved seven safe port programs operated by TRUSTe, ESRB, CARU, PRIVO, Aristotle, Inc., Samet Privacy (kidSAFE), and Internet Keep Safe Coalition (iKeepSafe).
In September 2011, the FTC announced the proposed revision of COPPA rules, the first significant change to the act since the issuance of the regulation in 2000. The proposed rule changes expand the definition of what it means to "collect" data from children. The proposed rule presents data retention and removal requirements, which mandates that the data obtained from children is only stored for the amount of time it takes to reach its collection objectives. He also added the requirement that operators ensure that third parties where their child's information is disclosed have proper procedures to protect information.
This law applies to websites and online services that are operated for commercial purposes intended for children under 13 years of age or have actual knowledge that children under the age of 13 provide information online. Most recognized nonprofit organizations are exempt from most COPPA requirements. However, the Supreme Court ruled that the non-profit operated for the benefit of their members' commercial activities was subject to FTC regulations and consequently COPPA as well. The type of "verifiable parent consent" required before collecting and using information provided by children under 13 is based on a "shear scale" set forth in the Federal Trade Commission regulations which considers the manner in which the information is collected and the usefulness of that information.
Maps Children's Online Privacy Protection Act
Violation
The FTC has brought a number of actions against website operators for failure to comply with COPPA requirements, including actions on the Girls' Life, American Pop Corn Company, Lisa Frank, Inc., Mrs. Fields Cookies, and The Hershey Company.
In February 2004, UMG Recordings, Inc. fined US $ 400,000 for COPPA offenses in connection with a website promoting 13-year-old pop star Lil 'Romeo and organizing children-oriented games and activities, and Bonzi Software, which offers animated "BonziBuddy" animation downloads that provide shopping advice, jokes, and trivial matters fined US $ 75,000 for violation of COPPA. Similarly, Xanga website owners were fined US $ 1 million in 2006 for repeated violations of COPPA allowing children under 13 to sign up for services without getting their parent's consent.
In 2016, the mobile ad network, inMobi was fined US $ 950,000 to track all user ages (13 and younger and older) geographically unnoticed. Advertising software keeps track of user's location despite the privacy preferences on mobile devices. Other websites intended for children and fined for COPPA include Imbee (2008) Kidswirl (2011), and Skid-e-Kids (2011).
Compliance
In December 2012, the Federal Trade Commission issues an effective revision of July 1, 2013, which creates additional parental notice and approval, changes the definition, and adds other obligations to organizations that (1) operate websites or online services "directed to children "under 13 and who collects" personal information "from users or (2) consciously collects personal information from people under 13 years of age through an online website or service. After July 1, 2013, the operator must:
- Submit a clear and comprehensive online privacy policy that describes its information practices for personal information collected online from people under the age of 13;
- Make reasonable efforts (taking into consideration available technology) to provide parents with immediate notification of operator practices related to the collection, use or disclosure of personal information of persons under the age of 13, including notice of material change against such practices. previously approved by parents;
- Obtain verifiable parental consent, with limited exceptions, prior to the collection, use, and/or disclosure of personal information from persons under the age of 13;
- Provide a reasonable means for parents to review personal information collected from their child and refuse to permit any further use or maintenance;
- Establish and maintain reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children under the age of 13, including by taking reasonable steps to disclose/release such personal information only to those who able to maintain its confidentiality and security; and
- Keep personal information collected online from a child only to the extent necessary to meet the purpose of collection and remove information using reasonable measures to protect against unauthorized access or use.
- The operator is prohibited to condition children's participation in online activities in children who provide more information than is reasonably necessary to participate in such activities.
According to a notice issued by the Federal Trade Commission, the operator has actual knowledge of the age of the user if the site or service requests - and receives - information from the user that enables it to determine the age of a person. Examples cited by the FTC include, the operator requesting the date of birth on the site registration page has actual knowledge as defined by COPPA if the user responds with a year indicating they are under 13. Another example cited by the FTC is that an operator may have actual knowledge based on answers to "age identify" questions like "How many of your classes?" or "What type of school are you looking for? (a) basic, (b) middle, (c) secondary school, (d) college."
A small fee is charged by Microsoft under COPPA as a way to verify parental consent. The fee is donated to the National Center for Missing and Exploited Children. Google, however, charges a small fee as a way to verify one's birth date.
In a July 1, 2013 change, the operator definition is updated to confirm that COPPA includes sites or services intended for children that integrate outside services, such as plug-ins or advertising networks, that collect personal information from their visitors. The definition of a website or online service intended for children is extended to include plug-ins or ad networks that have actual knowledge that they collect personal information through websites or online services intended for children. Websites and services that target children as secondary audiences may differentiate between users, and are required to provide notices and obtain parental consent only to users who identify themselves younger than 13. The definition of personal information requiring parental notices and consent before the collection now includes a "fixed identifier" that can be used to identify users over time and across various websites or online services. However, no parental notifications and consent are required when the carrier collects a permanent identifier for the sole purpose of supporting the website or internal operations of an online service. The definition of personal information after July 1, 2013, also includes geolocation information, as well as photos, videos, and audio files that contain a child's image or sound.
On November 19, 2015, the FTC announced it has approved an additional method for obtaining verifiable parental consent: "face matching for verified photo identification" (FMVPI). The two-step process allows parents to submit government-approved IDs for authentication, then send impromptu photos via a mobile device or web camera, which is then compared to the photo on the ID.
International scope
Although COPPA is an American law, the Federal Trade Commission has made it clear that the COPPA terms will apply to websites operated by foreign parties if the site is "directed to children in the US or intentionally collects information from children in the US" Because it is US Federal law, it applies only to websites that run:
- by a website under US jurisdiction;
- by a website hosted on a server in the US:;
- by a website with an owner headquartered in the U.S. territory; or
- by commercial websites available in the US market.
Criticism
COPPA is controversial and has been criticized as ineffective and potentially unconstitutional by lawyers and the mass media since it was drafted. Complaints made against legislation include website owners banning users 12 and below - which only "encourages age fraud and allows websites to bypass the burden of obtaining parental consent" - and an active emphasis on the rights of children to freedom of speech, expression self, and other First Amendment rights.
Delays in obtaining parental consent often result in children moving to other activities that are less appropriate for their age.
In addition, age restrictions and the "parental consent" process are easy for children to avoid, and parents usually help them lie about their age.
The Internet Security Technical Task Force comprised of experts from academics and commercial companies found in 2012 that mandatory age verification is not only a poor solution to privacy but also a privacy violation. The law also has many security flaws. For example, not protecting children from predatory advertising, it does not prevent children from accessing pornography or lying about their age, and that does not ensure a completely safe online environment. Technology journalist Larry Magid, an old vocal opponent of the law - also notes that parents, not governments, hold a great responsibility to protect children online. COPPA is also criticized for its potentially daunting effects on children's apps, content, websites, and online services. For example, Snapchat released Snapkidz version of its app in June 2013, but unlike Snapchat, Snapkidz does not allow photo sharing at all due to COPPA rules. Similarly, it has been shown that COPPA Rules are not always about privacy protection but more about "enforcing the law."
COPPA demands ($ 40,000 per violation) could potentially cause disaster for small businesses, damaging their business model. While some large companies have enough money to pay fines or apply parental consent mechanisms, small businesses often can not afford them.
With the advent of COPPA virtual education may not adequately represent the role of administrators, teachers, and schools in protecting students' privacy under the loco parentis assumption.
Mark Zuckerberg, co-founder and CEO of Facebook, has objected to COPPA and declared "That would be a fight we took at a certain point My philosophy is that for education you should start at a really young age."
See also
- Adultism
- California Online Privacy Protection Act (OPPA) is effective from 1 July 2004
- Children's Online Protection Act (COPA)
- Children's Protection Act
References
External links
- the Children's Online Privacy Protection Act (COPPA) of 1998, through the Federal Trade Commission
- 16 C.F.R. Section 312, the FTC Children's Online Privacy Protection Regulations, through the Government Printing Office
- Six Step Compliance Plan for Your Business through Federal Trade Commission, Business Center
- Children's Privacy, via the Federal Trade Commission
- FTC FAQ regarding COPPA compliance, via Federal Trade Commission
- CybertelecomÃ, :: COPPA Information on COPPA regulatory developments
Source of the article : Wikipedia
0 Comments