Skip Navigation
B. COPPA ENFORCEMENT. 1. So how exactly does the FTC enforce the Rule?

B. COPPA ENFORCEMENT. 1. So how exactly does the FTC enforce the Rule?

Details about the FTC’s COPPA enforcement actions are available by simply clicking the Case Highlights website website link into the FTC’s company Center. Moms and dads, customer teams, industry people, yet others that think an operator is breaking COPPA may submit complaints towards the FTC through the FTC’s site, www., or cost free number, (877) FTC-HELP.

2. Do you know the charges for breaking the Rule?

A court can take operators whom violate the Rule accountable for civil penalties as much as $43,280 per violation. The actual quantity of civil charges a court assesses risk turning for range facets, such as the egregiousness for the violations, whether or not the operator has formerly violated the Rule, the sheer number of kiddies included, the quantity and form of private information accumulated, exactly exactly how the details ended up being utilized, whether or not it had been distributed to 3rd events, and also the size of the business. Information regarding the FTC’s COPPA enforcement actions, like the levels of civil charges acquired, is found by simply clicking the full Case Highlights website link into the FTC’s company Center.


3. Can the states or any other government that is federal enforce COPPA?

Yes. COPPA provides states and specific federal agencies authority to enforce compliance with respect to entities over that they have actually jurisdiction. Within the past, Texas and nj have actually brought COPPA enforcement actions. See https: //www. Oag. State. Php? Id=2288 (Dec. 2007), and http: //www. Html (2012) june. In addition, particular agencies that are federal like the Office associated with the Comptroller for the Currency and also the Department of Transportation, have the effect of managing COPPA conformity when it comes to certain companies they control.

4. Exactly What can I do if my internet site or software does not adhere to the Rule?

First, you must stop collecting, disclosing, or using personal information from children under age 13 until you get your website or online service into compliance.

2nd, very very carefully review your data methods along with your privacy that is online policy. In performing your review, look closely at exactly exactly exactly what information you collect, the method that you collect it, the manner in which you put it to use, if the info is essential for the actions on your web web site or online solution, whether you’ve got sufficient mechanisms for supplying moms and dads with notice and getting verifiable permission, whether you’ve got sufficient options for moms and dads to examine and delete their children’s information, and whether you utilize sufficient information protection, retention, and removal techniques.

Academic materials targeted at operators of sites and online solutions are for sale in the Children’s Privacy area of the FTC’s company Center. See also promoting Your Cellphone App: obtain it straight away. You can be provided by these materials with helpful guidance. You could also decide to check with one of many Commission-approved COPPA secure Harbor products or look for the advice of counsel.

5. Are web sites and online services operated by nonprofit businesses susceptible to the Rule?

COPPA expressly states that what the law states relates to commercial internet sites and online solutions and never to nonprofit entities that otherwise will be exempt from protection under Section 5 associated with FTC Act. These entities are not subject to the Rule in general, because many types of nonprofit entities are not subject to Section 5 of the FTC Act. Nevertheless, nonprofit entities that run when it comes to revenue of the commercial users could be susceptible to the Rule. See FTC v. California Dental Association, 526 U.S. 756 (1999). The FTC encourages such entities to post privacy policies online and to provide COPPA’s protections to their child visitors although nonprofit entities generally are not subject to COPPA.

6. Does COPPA connect with web sites and online solutions operated by the government?

As a question of federal policy, all sites and online services operated because of the government and contractors running with respect to federal agencies must adhere to the criteria established in COPPA. See OMB Guidance for applying the Privacy conditions of this E-Government Act of 2002 (Sept. 2003).

7. The web is just a medium that is global. Do sites and online solutions developed and run abroad need to adhere to the Rule?

Foreign-based internet sites and online solutions must adhere to COPPA should they knowingly collect personal information from children in the U.S. The law’s definition of “operator” includes foreign-based websites and online services that are involved in commerce in the United States or its territories if they are directed to children in the United States, or. As a associated matter, U.S. -based web web web sites and solutions that gather information from international young ones are also susceptible to COPPA.


1. My child-directed internet site does not gather any private information. Do I nevertheless want to upload an online privacy policy online?

COPPA applies simply to those web sites and online solutions that accumulate, use, or reveal private information from young ones. Nonetheless, the FTC advises that most sites and services that are online especially those directed to children – post privacy policies online so visitors can quickly find out about the operator’s information techniques. See Cellphone Apps for youngsters: Disclosures Nevertheless Not Making the level (Dec. 2012) and mobile phone Apps for children: Current Privacy Disclosures are Disappointing (Feb. 2012).

2. Just What information should I use in my online privacy policy?

Section 312.4(d) of this amended Rule identifies the info that really must be disclosed in your privacy that is online policy. The amended Rule now takes a shorter, more streamlined approach to cover the information collection and use practices most critical to parents while the original Rule required operators to provide extensive categories of information in their online privacy notices. Beneath the amended Rule, the web notice must state listed here three types of information:

  • The title, address, cell phone number, and email of most operators gathering or keeping information that is personal the website or solution (or, after detailing all such operators, offer the email address for starters which will manage all inquiries from moms and dads);
  • A description of exactly just exactly what information the operator gathers from young ones, including whether or not the operator allows kiddies to help make their private information publicly available, the way the operator makes use of information that is such additionally the operator’s disclosure methods for such information; and
  • That the parent can review or have deleted the child’s private information and will not permit its further collection or use, and state the procedures for performing this. See 16 C.F.R. § 312.4(d) (“notice on line web web site or online service”).

By streamlining the Rule’s on line notice needs, the Commission hopes to encourage operators to offer clear, concise explanations of these information methods, which might have the added advantageous asset of being simpler to keep reading smaller displays (age.g., those on smart phones or other Internet-enabled mobile phones).

3. Could I consist of marketing materials within my online privacy policy?

No. The Rule requires that privacy policies needs to be “clearly and understandably written, complete, and must include no not related, confusing, or contradictory materials. ” See 16 C.F.R. § 312.4(a) (“General axioms of notice”).

4. We currently have a privacy for my children’s software. Do I need certainly to change it out to comply with the amended COPPA Rule?

This will depend. The amended Rule expands the kinds of information which are considered “personal. ” See 16 C.F.R. § 312.2 (concept of information that is personal). Consequently, you ought to test thoroughly your information collection techniques to ascertain you to notify parents and obtain their consent whether you are collecting information from children that is now considered personal under the Rule, and that now may require. In addition, you ought to review the amended Rule’s requirements for the shape and content of privacy notices to ensure that your direct notices (see FAQ C. 11 below) and online privacy policies comply (see FAQ C. 2 above). See 16 C.F.R. § b that is 312.4( and (d).