COPPA—the Children’s Online Privacy Protection Act—was supposed to help guard our kids’ privacy on the internet. More than two decades after its passage, the results are mixed. Yes, COPPA protects some kids, but it is too narrow in scope and needs to be updated.
Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 to give parents control over what kinds of information companies can gather about their kids and improve security. It’s designed to protect children who use the internet by requiring websites to post their online privacy policy along with a notice to parents to obtain consent before gathering data. Parents are also supposed to be able to access any information collected on their kids for review or to have it deleted.
COPPA applies to commercial websites and apps that are directed at kids aged 13 and under, leaving kids older than 13 unprotected. Personal information includes details such as the child’s first and last name, phone number, Social Security number and even geolocation data (your kid’s street and town). The court can levy penalties of up to $43,280 for each violation, according to Medium.
California Steps In
California has a tougher version, called the California Online Privacy Protection Act (CalOPPA). In the Golden State, CalOPPA applies to operators of online services, apps or commercial websites that collect information on individuals living in California. This means that the website itself does not need to be a business registered in the State of California, according to TermsFeed.
CalOPPA dictates that websites indicate what categories of personal information can be collected (such as email addresses and shipping addresses). Also to be listed are any third parties that might receive and process this information for the site.
As an example of repercussions, CalOPPA led to the California Attorney General fining app providers by as much as $2,500 each time they failed to provide compliance plans for collecting personally identifiable information.
Strengthening COPPA
Efforts to improve and strengthen COPPA are ongoing, as evidenced by the FTC hosting a recent public workshop called “The Future of the COPPA Rule.” As for future updates to legislation like COPPA, the FTC is not required to take action this year, with the next mandatory review being scheduled in 2023.
One area parents should be concerned about is whether the FTC should grant exceptions for education technology and equipment such as Google Home and Alexa that interact using voice recognition, as noted by a report from the New York Times. This issue is going to persist as long as people continue to make inquiries by voice. It’s grows in popularity for ease of use, but it also results in more personal data to potentially be harvested.
Another concern: the age limit. For the most part, we mark the age of legal adulthood at 18. The fact that COPPA cuts off protection for kids over 13 is a serious mistake. Is your 14-year-old not a kid?
COPPA protects, but on its own is an inadequate shield. Parents who care about their children’s online safety and privacy must be vigilant and set ground rules for computer, tablet and phone usage. Meantime, call your legislators and tell them you want a stronger, tougher COPPA.
Published with permission from PrivacyParent.