What Does It Mean To Be COPPA Compliant?

As parents, you’re sure to be hesitant about raising children in a digital world – how can you make sure their privacy and data stay safe online? This is particularly important when it comes to online education. In an effort to protect children online, the federal government enacted The Children's Online Privacy and Protection Act (COPPA) in 1998.

The aim of COPPA is to protect the privacy and personal details online of children 13 and under. It put strict laws in place to stop children from being personally identified online, and it also allows parents to control and monitor what information is shared online about their young ones.

However, exactly what does it mean to be COPPA compliant? Because schools and online learning services require access to information about your child, here’s what parents need to know about the importance of COPPA – an essential step in keeping your children safe online.

COPPA compliance checklist
How do I comply with COPPA? This is a question everyone who handles data of children under 13 should be asking themselves, as COPPA applies to any data that could be used to work out the identity of a child. This includes details like full name, address, photos, geolocation data, and Social Security number.

Generally, any website, online service, or app that allows users under 13 and is based within the US needs to be COPPA compliant. This includes online classrooms and school districts offering remote learning, tutoring programs, or any virtual educational tool.

What is COPPA compliance?
Below are some of the main requirements to be compliant with COPPA – all online businesses that allow children to join must meet each of these.

1. Obtain parental consent
Before a child under 13 can sign up for anything online, including a game, learning app, or website, parental consent needs to be obtained. This can be done in multiple ways, including email, phone call, or online registration form.

If your child has access to a tablet and is able to sign up for an educational game, for example, that game manufacturer is in violation of COPPA if their infrastructure allows children to sign up without parental permission.

2. Post a visible privacy policy
A website also must have a prominently placed privacy policy – not one hidden away via a small link at the bottom of the page. It must be on the homepage and easy to find.

Within the privacy policy, each company must explain how the child’s data is collected, how it’s stored, and what it will be used for. COPPA also stipulates that these details must be written in a simple way that any parent can understand, as some companies intentionally write vague and/or complex policies to confuse readers.

If you’re signing your child up for a new online learning website, make sure you understand the privacy policy and how it applies to your student.

Should a company make any changes to their privacy policy, they must notify parents directly.

3. Keep personal data secure
COPPA requires that all data on children be kept private and secure, and that it isn’t sold to any third party. Parents should be able to know exactly how the data is being stored, with the ability to review it at any time.

This is important, as many websites used by adults will sell or trade data to advertisers or other similar businesses, or use it for targeted marketing campaigns. However, to protect the privacy of children, COPPA bans this practice.

4. Only store personal data as long as necessary
A business should only retain a child’s personal details for as long as necessary. When data is no longer needed, it should no longer be saved. A company also should only collect the data needed for using the website or online program – it’s against the rules to collect data not directly related to the business.

5. Provide notice to parents about how and why data will be used
Parents have to be given a written notice before any personal information is collected by a website. This notice explains what information will be collected, along with how and why it will be stored.

What happens if you don't comply with COPPA?
COPPA is overseen by the Federal Trade Commission (FTC). The act outlines the penalties for violations, which can result in fines up to $46,517 per violation. COPPA can be enforced on both a state and federal level.

Violations are brought to the attention of the FTC by a toll-free number that parents, teachers, or consumer action groups can call. One violation that received massive media attention was that of video-sharing platform TikTok, which paid a $5.7 million fine in 2019 for not seeking parental permission before children joined the site.

How can parents use COPPA to keep their children safe?
As a parent, it’s important to do your due diligence before letting students sign up for any website, whether it’s for digital education or a social media platform. To help keep your child safe, thoroughly review each website to ensure it meets the COPPA requirements listed above.

If it doesn’t, think twice before letting your child join or contact the website directly with any questions.

Remember also – while COPPA is only a legal requirement for websites used by children under 13, that doesn’t mean teens are considered adults. COPPA recommends that websites aimed at teenagers also follow the above requirements, even though they’re not directly protected under COPPA.

Sadly, not all websites have the best interest of your child at heart, so make COPPA compliance a priority whenever your child is using the internet, studying online, or playing on their device.

 

Featured image by Giovanni Gagliardi on Unsplash