The United States has relatively few restrictions on collecting information from children off-line. Efforts to collect information from children over the internet, however, are regulated by the Children’s Online Privacy Protection Act (“COPPA”). Among other things, COPPA requires that a website obtain parental consent prior to collecting information, post a specific form of privacy policy that complies with the statute, safeguard the information that is received from a child, and give parents certain rights, like the ability to review and delete their child’s information. COPPA also prohibits companies from requiring that children provide personal information in order to participate in activities, such as on-line games or sweepstakes.

283

Number of complaints received by the FTC about companies violating COPPA.1

$2.28 / Child

Estimate by one organization of the average fine per child imposed by the FTC .2

20+

Number of enforcement actions taken by the FTC.3

$4 million

The largest COPPA fine imposed by the FTC.4

The following are the most common complaints about children’s websites received by the FTC:

48.45% The website did not obtain proper parental consent
43.72% The website collected more personal information than was necessary
41.35% Parents were not given an opportunity to stop information from being disclosed to third parties
24.77% The website did not have a clear privacy policy
17.67% The website misrepresented how information was used

What to think about when reviewing your website:

  1. Does your website ask children to provide information?
  2. If not, does your website automatically collect information about a child’s computer or session?
  3. Would your website appeal to children?
  4. Has the FTC received complaints about your website? If so, how many and what issues were raised in the complaints?
  5. Does your website ask for parents’ permission to collect information about children?
  6. Does your website verify that the parent is the actual parent of a child?
  7. Has the verification mechanism been approved by the FTC?
  8. Does your website’s privacy policy comply with COPPA?
  9. Can you limit liability by joining an FTC approved self-regulatory organization (sometimes called a “safe harbor” program)?
  10. Which safe harbor program provides the most benefit to your organization?

Our sources:

1. Number of complaints currently maintained by FTC in Consumer Sentinel database as of November 30, 2017. FTC FOIA Response 2018-00257.

2. http://www.coppanow.com/averagecoppa/ (last viewed Nov. 2016).

3. FTC, 2014 Privacy and Data Security Update, https://www.ftc.gov/system/files/documents/reports/privacy-data-security-update-2014/privacydatasecurityupdate_2014.pdf

4. United States v. InMobi Pte Ltd, Case No. 3:16-cv-03474 (N.D. Cal. June 22, 2016), https://www.ftc.gov/system/files/documents/cases/160622inmobistip.pdf.

5. Based upon analysis of consumer complaints received by the FTC between January 2008 and August 2013.