Collecting Information from Children Online – the COPPA Rules

The COPPA Rules

Parents, do you know that there is a rule about collecting information from children online? The COPPA Rules prevent websites from  collecting their personal information online without your permission?  And, authors are your blogs and websites collecting information from children under 13? Do you know if your blog or website is in compliance the rule?  I should share that this was written with the laws of the US in mind. If you aren’t in the US, you may want to check your country’s laws.

The rule is called the Children’s Online Privacy Protection Act (COPPA). I discovered it when researching the rules for collecting email addresses for my target audience, children ages 6 to 8 years old. I want to send notification emails when I’ve posted new artwork for children to download and color. There are very strict requirements when collecting information from children online so that children are protected.  Basically, those who are running a website, or online service or App, which collects personal information from children under 13 years old are required to adhere to strict guidelines.

Collecting Information from Children Online – the COPPA Rules

According to the Federal Trade Commission COPPA defines personal information as:

  • “First and last name;
  • A home or other physical address including street name and name of a city or town;
  • Online contact information;
  • A screen or user name that functions as online contact information;
  • A telephone number;
  • A social security number;
  • A persistent identifier that can be used to recognize a user over time and across different websites or online services;
  • A photograph, video, or audio file, where such file contains a child’s image or voice;
  • Geolocation information sufficient to identify street name and name of a city or town; or
  • Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described above.”

International No Symbol.jpg

The Do Not Track Kids Act was originally introduced in 2011, but did not pass. It has been reintroduced during November 2013 to raise the age limit to include 13 to 15 year olds. I have not been able to confirm that it was passed.

Some of the high points of COPPA include a requirement for the website operator to state the intended use of the information collected on the website and whether it will be provided to any other third-party operators such as plug-ns and advertising networks. If any third-party operators have access to the child’s personal information, then their privacy policy must also be disclosed on the primary operator’s website.  The act suggests that the privacy policy be in a different color and font so that the information does not blend into the rest of the page. This information must be obvious and cannot be disguised in fine print. The Bureau of Consumer Protection has created a guideline which organizations can use to ensure that their websites are in compliance. This blog post is a synopsis and does not include all of the points required by COPPA. I highly recommend you carefully review the Bureau’s guideline.

Website operators are to contact the parents directly for permission before collecting any information from their children. The notification is to be clear and understandable, and parents are to be given the opportunity to consent to or deny permission for the collection of the child’s information. The site must also make it clear how to unsubscribe from membership. Newsletters must have a link to unsubscribe from the site. If a parent or child unsubscribes, then the operator must delete the personal information from the collection lists. Finally, the website or App operator must be able to prove that a parent provided permission for the collection of the child’s information, if questioned.

Originally posted January 5, 2014 on

Leave a Reply

Your email address will not be published.