Websites that are collecting information from children under the age of thirteen are required to comply with Federal Trade Commission ( FTC ) Children's Online Privacy Protection Act (COPPA).
Religion Wiki is an open encyclopedia. Every (anonymous) user is able to create or edit articles.
What is COPPA
COPPA - Children's Online Privacy Protection Act
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION
SEC. 1301. SHORT TITLE.
This title may be cited as the "Children's Online Privacy Protection Act of 1998".
SEC. 1302. DEFINITIONS.
In this title:
(1) CHILD.—The term "child" means an individual under the age of 13.
(2) OPERATOR.—The term "operator"—
(A) means any person who operates a website located on the Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or maintained, where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service, involving commerce—
(i) among the several States or with 1 or more foreign nations;
(ii) in any territory of the United States or in the District of Columbia, or between any such territory and—
(I) another such territory; or
(II) any State or foreign nation; or
(iii) between the District of Columbia and any State, territory, or foreign nation; but
(B) does not include any nonprofit entity that would otherwise be exempt from coverage under section 5 of the Federal Trade Commission Act (15 U.S.C. 45).
(3) COMMISSION.—The term "Commission" means the Federal Trade Commission.
(4) DISCLOSURE.—The term "disclosure" means, with respect to personal information—
(A) the release of personal information collected from a child in identifiable form by an operator for any purpose, except where such information is provided to a person other than the operator who provides support for the internal operations of the website and does not disclose or use that information for any other purpose; and
(B) making personal information collected from a child by a website or online service directed to children or with actual knowledge that such information was collected from a child, publicly available in identifiable form, by any means including by a public posting, through the Internet, or through—
(i) a home page of a website;
(ii) a pen pal service;
(iii) an electronic mail service;
(iv) a message board; or
(v) a chat room.
(5) FEDERAL AGENCY.—The term "Federal agency" means an agency, as that term is defined in section 551(1) of title 5, United States Code.
(6) INTERNET.—The term "Internet" means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected worldwide network of networks that employ the Transmission Control Protocol/ Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio.
(7) PARENT.—The term "parent" includes a legal guardian.
(8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including—
(A) a first and last name;
(B) a home or other physical address including street name and name of a city or town;
(C) an e-mail address;
(D) a telephone number;
(E) a Social Security number;
(F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or
(G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.
(9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
(10) WEBSITE OR ONLINE SERVICE DIRECTED TO CHILDREN.—
(A) IN GENERAL.—The term "website or online service directed to children" means—
(i) a commercial website or online service that is targeted to children; or
(ii) that portion of a commercial website or online service that is targeted to children.
(B) LIMITATION.—A commercial website or online service, or a portion of a commercial website or online service, shall not be deemed directed to children solely for referring or linking to a commercial website or online service directed to children by using information location tools, including a directory, index, reference, pointer, or hypertext link.
(11) PERSON.—The term "person" means any individual, partnership, corporation, trust, estate, cooperative, association, or other entity.
(12) ONLINE CONTACT INFORMATION.—The term "online contact information" means an e-mail address or an-other substantially similar identifier that permits direct contact with a person online.
SEC. 1303. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN CONNECTION WITH THE COLLECTION AND USE OF PERSONAL INFORMATION FROM AND ABOUT CHILDREN ON THE INTERNET.
(a) ACTS PROHIBITED.—
(1) IN GENERAL.—It is unlawful for an operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed under subsection (b).
(2) DISCLOSURE TO PARENT PROTECTED.—Notwithstanding paragraph (1), neither an operator of such a website or online service nor the operator's agent shall be held to be liable under any Federal or State law for any disclosure made in good faith and following reasonable procedures in responding to a request for disclosure of per-sonal information under subsection (b)(1)(B)(iii) to the parent of a child.
(1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate under section 553 of title 5, United States Code, regulations that—
(A) require the operator of any website or online service directed to children that collects personal information from children or the operator of a website or online service that has actual knowledge that it is collecting personal information from a child—
(i) to provide notice on the website of what information is collected from children by the operator, how the operator uses such information, and the operator's disclosure practices for such information; and
(ii) to obtain verifiable parental consent for the collection, use, or disclosure of personal information from children;
(B) require the operator to provide, upon request of a parent under this subparagraph whose child has provided personal information to that website or online service, upon proper identification of that parent, to such par-ent—
(i) a description of the specific types of personal information collected from the child by that operator;
(ii) the opportunity at any time to refuse to permit the operator's further use or maintenance in retrievable form, or future online collection, of personal information from that child; and
(iii) notwithstanding any other provision of law, a means that is reasonable under the circumstances for the parent to obtain any personal information collected from that child;
(C) prohibit conditioning a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity; and
(D) require the operator of such a website or online service to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.
(2) WHEN CONSENT NOT REQUIRED.—The regulations shall provide that verifiable parental consent under paragraph (1)(A)(ii) is not required in the case of—
(A) online contact information collected from a child that is used only to respond directly on a one-time basis to a specific request from the child and is not used to recontact the child and is not maintained in retrievable form by the operator;
(B) a request for the name or online contact information of a parent or child that is used for the sole purpose of obtaining parental consent or providing notice under this section and where such information is not maintained in retrievable form by the operator if parental consent is not obtained after a reasonable time;
(C) online contact information collected from a child that is used only to respond more than once directly to a specific request from the child and is not used to recontact the child beyond the scope of that request—
(i) if, before any additional response after the initial response to the child, the operator uses reasonable efforts to provide a parent notice of the online contact information collected from the child, the purposes for which it is to be used, and an opportunity for the parent to request that the operator make no further use of the information and that it not be maintained in retrievable form; or
(ii) without notice to the parent in such circumstances as the Commission may determine are appropriate, taking into consideration the benefits to the child of access to information and services, and risks to the security and privacy of the child, in regulations promulgated under this subsection;
(D) the name of the child and online contact information (to the extent reasonably necessary to protect the safety of a child participant on the site)—
(i) used only for the purpose of protecting such safety;
(ii) not used to recontact the child or for any other purpose; and
(iii) not disclosed on the site, if the operator uses reasonable efforts to provide a parent notice of the name and online contact information collected from the child, the purposes for which it is to be used, and an opportunity for the parent to request that the operator make no further use of the information and that it not be maintained in retrievable form; or
(E) the collection, use, or dissemination of such information by the operator of such a website or online service necessary—
(i) to protect the security or integrity of its website;
(ii) to take precautions against liability;
(iii) to respond to judicial process; or
(iv) to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety. 1815
(3) TERMINATION OF SERVICE.—The regulations shall permit the operator of a website or an online service to terminate service provided to a child whose parent has refused, under the regulations prescribed under paragraph (1)(B)(ii), to permit the operator's further use or maintenance in retrievable form, or future online collection, of personal information from that child.
(c) ENFORCEMENT.—Subject to sections 1304 and 1306, a violation of a regulation prescribed under subsection (a) shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(d) INCONSISTENT STATE LAW.—No State or local government may impose any liability for commercial activities or actions by operators in interstate or foreign commerce in connection with an activity or action described in this title that is inconsistent with the treatment of those activities or actions under this section.
SEC. 1304. SAFE HARBORS.
(a) GUIDELINES.—An operator may satisfy the requirements of regulations issued under section 1303(b) by following a set of self-regulatory guidelines, issued by representatives of the marketing or online industries, or by other persons, approved under subsection (b).
(1) SELF-REGULATORY INCENTIVES.—In prescribing regulations under section 1303, the Commission shall provide incentives for self-regulation by operators to implement the protections afforded children under the regulatory requirements described in subsection (b) of that section.
(2) DEEMED COMPLIANCE.—Such incentives shall include provisions for ensuring that a person will be deemed to be in compliance with the requirements of the regulations under section 1303 if that person complies with guidelines that, after notice and comment, are approved by the Commission upon making a determination that the guidelines meet the requirements of the regulations issued under section 1303.
(3) EXPEDITED RESPONSE TO REQUESTS.—The Commission shall act upon requests for safe harbor treatment within 180 days of the filing of the request, and shall set forth in writing its conclusions with regard to such requests.
(c) APPEALS.—Final action by the Commission on a request for approval of guidelines, or the failure to act within 180 days on a request for approval of guidelines, submitted under subsection (b) may be appealed to a district court of the United States of appropriate jurisdiction as provided for in section 706 of title 5, United States Code.
SEC. 1305. ACTIONS BY STATES.
(a) IN GENERAL.—
(1) CIVIL ACTIONS.—In any case in which the attorney general of a State has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates any regulation of the Commission prescribed under section 1303(b), the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to—
(A) enjoin that practice;
(B) enforce compliance with the regulation;
(C) obtain damage, restitution, or other compensation on behalf of residents of the State; or
(D) obtain such other relief as the court may consider to be appropriate.
(A) IN GENERAL.—Before filing an action under paragraph (1), the attorney general of the State involved shall provide to the Commission—
(i) written notice of that action; and
(ii) a copy of the complaint for that action.
(i) IN GENERAL.—Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this subsection, if the attorney general determines that it is not feasible to provide the notice described in that subparagraph before the filing of the action.
(ii) NOTIFICATION.—In an action described in clause (i), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action.
(1) IN GENERAL.—On receiving notice under subsection (a)(2), the Commission shall have the right to intervene in the action that is the subject of the notice.
(2) EFFECT OF INTERVENTION.—If the Commission intervenes in an action under subsection (a), it shall have the right—
(A) to be heard with respect to any matter that arises in that action; and
(B) to file a petition for appeal.
(3) AMICUS CURIAE.—Upon application to the court, a person whose self-regulatory guidelines have been approved by the Commission and are relied upon as a defense by any defendant to a proceeding under this section may file amicus curiae in that proceeding.
(c) CONSTRUCTION.—For purposes of bringing any civil action under subsection (a), nothing in this title shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to—
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of documentary and other evidence.
(d) ACTIONS BY THE COMMISSION.—In any case in which an action is instituted by or on behalf of the Commission for violation of any regulation prescribed under section 1303, no State may, during the pendency of that action, institute an action under subsection (a) against any defendant named in the complaint in that action for violation of that regulation.
(e) VENUE; SERVICE OF PROCESS.—
(1) VENUE.—Any action brought under subsection (a) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.
(2) SERVICE OF PROCESS.—In an action brought under subsection (a), process may be served in any district in which the defendant—
(A) is an inhabitant; or
(B) may be found.
SEC. 1306. ADMINISTRATION AND APPLICABILITY OF ACT.
(a) IN GENERAL.—Except as otherwise provided, this title shall be enforced by the Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.).
(b) PROVISIONS.—Compliance with the requirements imposed under this title shall be enforced under—(1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of—
(A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;
(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25(a) of the Federal Reserve Act (12 U.S.C. 601 et seq. and 611 et seq.), by the Board; and
(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Direc- tors of the Federal Deposit Insurance Corporation;
(2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), by the Director of the Office of Thrift Supervision, in the case of a savings association the deposits of which are insured by the Federal Deposit Insurance Corporation;
(3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the National Credit Union Administration Board with respect to any Federal credit union;
(4) part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part;
(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act; and
(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association.
(c) EXERCISE OF CERTAIN POWERS.—For the purpose of the exercise by any agency referred to in subsection (a) of its powers under any Act referred to in that subsection, a violation of any requirement imposed under this title shall be deemed to be a violation of a requirement imposed under that Act. In addition to its powers under any provision of law specifically referred to in subsection (a), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under this title, any other authority conferred on it by law.
(d) ACTIONS BY THE COMMISSION.—The Commission shall prevent any person from violating a rule of the Commission under section 1303 in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this title. Any entity that violates such rule shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of this title.
(e) EFFECT ON OTHER LAWS.—Nothing contained in the Act shall be construed to limit the authority of the Commission under any other provisions of law.
SEC. 1307. REVIEW.
Not later than 5 years after the effective date of the regulations initially issued under section 1303, the Commission shall—
(1) review the implementation of this title, including the effect of the implementation of this title on practices relating to the collection and disclosure of information relating to children, children's ability to obtain access to information of their choice online, and on the availability of websites directed to children; and
(2) prepare and submit to Congress a report on the results of the review under paragraph (1).
SEC. 1308. EFFECTIVE DATE. Sections 1303(a), 1305, and 1306 of this title take effect on the later of—
(1) the date that is 18 months after the date of enactment of this Act; or
(2) the date on which the Commission rules on the first application filed for safe harbor treatment under section 1304 if the Commission does not rule on the first such application within one year after the date of enactment of this Act, but in no case later than the date that is 30 months after the date of enactment of this Act
How to comply with Children's Online Privacy Protection Act
The Federal Trade Commission staff prepared this guide to help you comply with the new requirements for protecting children's privacy online and understand the FTC's enforcement authority.
Who Must Comply
If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, you must comply with the Children's Online Privacy Protection Act.
To determine whether a Web site is directed to children, the FTC considers several factors, including the subject matter; visual or audio content; the age of models on the site; language; whether advertising on the Web site is directed to children; information regarding the age of the actual or intended audience; and whether a site uses animated characters or other child-oriented features. *
To determine whether an entity is an "operator" with respect to information collected at a site, the FTC will consider who owns and controls the information; who pays for the collection and maintenance of the information; what the pre-existing contractual relationships are in connection with the information; and what role the Web site plays in collecting or maintaining the information.
The Children's Online Privacy Protection Act and Rule apply to individually identifiable information about a child that is collected online, such as full name, home address, email address, telephone number or any other information that would allow someone to identify or contact the child. The Act and Rule also cover other types of information -- for example, hobbies, interests and information collected through cookies or other types of tracking mechanisms -- when they are tied to individually identifiable information.
An operator must post a link to a notice of its information practices on the home page of its Web site or online service and at each area where it collects personal information from children. An operator of a general audience site with a separate children's area must post a link to its notice on the home page of the children's area.
The link to the privacy notice must be clear and prominent. Operators may want to use a larger font size or a different color type on a contrasting background to make it stand out. A link in small print at the bottom of the page -- or a link that is indistinguishable from other links on your site -- is not considered clear and prominent.
The notice must be clearly written and understandable; it should not include any unrelated or confusing materials. It must state the following information:
The name and contact information (address, telephone number and email address) of all operators collecting or maintaining children's personal information through the Web site or online service. If more than one operator is collecting information at the site, the site may select and provide contact information for only one operator who will respond to all inquiries from parents about the site's privacy policies. Still, the names of all the operators must be listed in the notice. *
The kinds of personal information collected from children (for example, name, address, email address, hobbies, etc.) and how the information is collected -- directly from the child or passively, say, through cookies. *
How the operator uses the personal information. For example, is it for marketing back to the child? Notifying contest winners? Allowing the child to make the information publicly available through a chat room? *
Whether the operator discloses information collected from children to third parties. If so, the operator also must disclose the kinds of businesses in which the third parties are engaged; the general purposes for which the information is used; and whether the third parties have agreed to maintain the confidentiality and security of the information. *
That the parent has the option to agree to the collection and use of the child's information without consenting to the disclosure of the information to third parties. *
That the operator may not require a child to disclose more information than is reasonably necessary to participate in an activity as a condition of participation. *
That the parent can review the child's personal information, ask to have it deleted and refuse to allow any further collection or use of the child's information. The notice also must state the procedures for the parent to follow.
Direct Notice to Parents
The notice to parents must contain the same information included on the notice on the Web site. In addition, an operator must notify a parent that it wishes to collect personal information from the child; that the parent's consent is required for the collection, use and disclosure of the information; and how the parent can provide consent. The notice to parents must be written clearly and understandably, and must not contain any unrelated or confusing information. An operator may use any one of a number of methods to notify a parent, including sending an email message to the parent or a notice by postal mail.
Verifiable Parental Consent
Before collecting, using or disclosing personal information from a child, an operator must obtain verifiable parental consent from the child's parent. This means an operator must make reasonable efforts (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent of the child receives notice of the operator's information practices and consents to those practices.
Until April 2002, the FTC will use a sliding scale approach to parental consent in which the required method of consent will vary based on how the operator uses the child's personal information. That is, if the operator uses the information for internal purposes, a less rigorous method of consent is required. If the operator discloses the information to others, the situation presents greater dangers to children, and a more reliable method of consent is required. The sliding scale approach will sunset in April 2002 subject to a Commission review planned for October 2001.
Operators may use email to get parental consent for all internal uses of personal information, such as marketing back to a child based on his or her preferences or communicating promotional updates about site content, as long as they take additional steps to increase the likelihood that the parent has, in fact, provided the consent. For example, operators might seek confirmation from a parent in a delayed confirmatory email, or confirm the parent's consent by letter or phone call.
When operators want to disclose a child's personal information to third parties or make it publicly available (for example, through a chat room or message board), the sliding scale requires them to use a more reliable method of consent, including:
getting a signed form from the parent via postal mail or facsimile; *
accepting and verifying a credit card number in connection with a transaction; *
taking calls from parents, through a toll-free telephone number staffed by trained personnel; *
email accompanied by digital signature;
But in the case of a monitored chat room, if all individually identifiable information is stripped from postings before it is made public -- and the information is deleted from the operator's records -- an operator does not have to get prior parental consent.
Disclosures to Third Parties
An operator must give a parent the option to agree to the collection and use of the child's personal information without agreeing to the disclosure of the information to third parties. However, when a parent agrees to the collection and use of their child's personal information, the operator may release that information to others who uses it solely to provide support for the internal operations of the website or service, including technical support and order fulfillment.
The regulations include several exceptions that allow operators to collect a child's email address without getting the parent's consent in advance. These exceptions cover many popular online activities for kids, including contests, online newsletters, homework help and electronic postcards .
Prior parental consent is not required when:
an operator collects a child's or parent's email address to provide notice and seek consent; *
an operator collects an email address to respond to a one-time request from a child and then deletes it; *
an operator collects an email address to respond more than once to a specific request -- say, for a subscription to a newsletter. In this case, the operator must notify the parent that it is communicating regularly with the child and give the parent the opportunity to stop the communication before sending or delivering a second communication to a child; *
an operator collects a child's name or online contact information to protect the safety of a child who is participating on the site. In this case, the operator must notify the parent and give him or her the opportunity to prevent further use of the information; *
an operator collects a child's name or online contact information to protect the security or liability of the site or to respond to law enforcement, if necessary, and does not use it for any other purpose.
October 2001/April 2002
In October 2001, the Commission will seek public comment to determine whether technology has progressed and whether secure electronic methods for obtaining verifiable parental consent are widely available and affordable. Subject to the Commission's review, the sliding scale will expire in April 2002. Until then, operators are encouraged to use the more reliable methods of consent for all uses of children's personal information.
New Notice for Consent
An operator is required to send a new notice and request for consent to parents if there are material changes in the collection, use or disclosure practices to which the parent had previously agreed. Take the case of the operator who got parental consent for a child to participate in contests that require the child to submit limited personal information, but who now wants to offer the child chat rooms. Or, consider the case of the operator who wants to disclose the child's information to third parties who are in materially different lines of business from those covered by the original consent -- for example, marketers of diet pills rather than marketers of stuffed animals. In these cases, the Rule requires new notice and consent.
At a parent's request, operators must disclose the general kinds of personal information they collect online from children (for example, name, address, telephone number, email address, hobbies), as well as the specific information collected from children who visit their sites. Operators must use reasonable procedures to ensure they are dealing with the child's parent before they provide access to the child's specific information.
They can use a variety of methods to verify the parent's identity, including:
obtaining a signed form from the parent via postal mail or facsimile; *
accepting and verifying a credit card number; *
taking calls from parents on a toll-free telephone number staffed by trained personnel; *
email accompanied by digital signature; *
email accompanied by a PIN or password obtained through one of the verification methods above.
Operators who follow one of these procedures acting in good faith to a request for parental access are protected from liability under federal and state law for inadvertent disclosures of a child's information to someone who purports to be a parent.
Revoking & Deleting
At any time, a parent may revoke his/her consent, refuse to allow an operator to further use or collect their child's personal information, and direct the operator to delete the information. In turn, the operator may terminate any service provided to the child, but only if the information at issue is reasonably necessary for the child's participation in that activity. For example, an operator may require children to provide their email addresses to participate in a chat room so the operator can contact a youngster if he is misbehaving in the chat room. If, after giving consent, a parent asks the operator to delete the child's information, the operator may refuse to allow the child to participate in the chat room in the future. If other activities on the Web site do not require the child's email address, the operator must allow the child access to those activities.
The Rule covers all personal information collected after April 21, 2000, regardless of any prior relationship an operator has had with a child. For example, if an operator collects the name and email address of a child before April 21, 2000, but plans to seek information about the child's street address after that date, the later collection would trigger the Rule's requirements. In addition, come April 21, 2000, if an operator continues to offer activities that involve the ongoing collection of information from children -- like a chat room -- or begins to offer such activities for the first time, notice and consent are required for all participating children regardless of whether the children had already registered at the site.
Industry groups or others can create self-regulatory programs to govern participants' compliance with the Children's Online Privacy Protection Rule . These guidelines must include independent monitoring and disciplinary procedures and must be submitted to the Commission for approval. The Commission will publish the guidelines and seek public comment in considering whether to approve the guidelines. An operator's compliance with Commission-approved self-regulatory guidelines will generally serve as an Asafe harbor" in any enforcement action for violations of the Rule.
The Commission may bring enforcement actions and impose civil penalties for violations of the Rule in the same manner as for other Rules under the FTC Act. The Commission also retains authority under Section 5 of the FTC Act to examine information practices for deception and unfairness, including those in use before the Rule's effective date. In interpreting Section 5 of the FTC Act, the Commission has determined that a representation, omission or practice is deceptive if it is likely to:
mislead consumers; and *
affect consumers' behavior or decisions about the product or service.
Specifically, it is a deceptive practice under Section 5 to represent that a Web site is collecting personal identifying information from a child for one reason (say, to earn points to redeem a premium) when the information will be used for another reason that a parent would find material -- and when the Web site does not disclose the other reason clearly or prominently.
In addition, an act or practice is unfair if the injury it causes, or is likely to cause, is:
not outweighed by other benefits; and *
not reasonably avoidable.
For example, it is likely to be an unfair practice in violation of Section 5 to collect personal identifying information from a child, such as email address, home address or phone number, and disclose that information to a third party without giving parents adequate notice and a chance to control the collection and use of the information.
Need to know
- Religion Wiki Wikia sites are hosted on Servers based in the United States
- Religion Wiki Website is hosted on servers based in the Netherlands. Although the website is not under the US Law we are using COPPA under our general guidelines