Complying with COPPA And Frequently Asked Concerns

Complying with COPPA And Frequently Asked Concerns


1. I wish to have competition back at my child-directed site. Am I able to make use of the Rule’s “one-time contact” exclusion rather than get parental permission?

Yes, if you correctly design your competition. You might use the “one time contact” exception then only contact such children once when the contest ends to notify them if they have won or lost if you collect children’s online contact information, and only this information, to enter them in the contest, and. At that time, you have to delete the contact that is online you’ve got gathered.

If, nonetheless, you anticipate to get hold of the children multiple time, you have to make use of the exception that is“multiple-contact” that you can additionally needs to gather a parent’s online contact information and supply moms and dads with direct notice of the information techniques and a way to choose away. The Rule prohibits you from using the children’s online contact information for any other purpose, and requires you to ensure the security of the information, which is particularly important if the contest runs for any length of time in either case.

If you want to gather any information from children online beyond online email address associated with contest entries – such as for instance gathering a winner’s house target to mail a reward – you have to first offer moms and dads with direct notice and get verifiable parental permission, while you would for any other kinds of private information collection beyond online contact information. Should you choose need certainly to have a mailing address and desire to stay inside the one-time exception, you may possibly ask the little one to supply their parent’s online contact information and usage that identifier to alert the moms and dad in the event that youngster wins the competition. In your reward notification message to your moms and dad, you may possibly ask the moms and dad to present home mailing target to deliver the reward, or ask the moms and dad to phone a phone quantity to offer the mailing information.

2. I’ve a child-directed web site that comes with an “Ask the Author” part where young ones can e-mail concerns to featured writers. Do i have to offer notice and acquire parental consent?

Then delete the child’s email address (and do not otherwise maintain or store the child’s personal information in any form), then you fall into the Rule’s “one-time contact” exception and do not need to obtain parental consent if you simply answer the child’s question and.

3. We offer e-cards as well as the cap cap ability for children to forward components of interest for their buddies on my child-directed software. May I make use of one of many Rule’s exceptions to consent that is parental should I notify moms and dads and get permission with this task?

The solution depends upon the manner in which you design your e-card or system that is forward-to-a-friend. Any system supplying any possibility to expose information that is personal compared to the recipient’s email calls for you to definitely get verifiable permission through the sender’s moms and dad (not e-mail plus), and will not fall within one of COPPA’s limited exceptions. Which means that if the e-card/forward-to-a-friend system allows information that is personal to be disclosed either in the “from” or “subject” lines, or perhaps in your body regarding the message, then you definitely must alert the sender’s moms and dad and acquire verifiable parental permission before collecting any information that is personal through the son or daughter.

So that you can make use of COPPA’s “one-time contact exclusion” for the e-cards, you could just gather the recipient’s email address (and, if desired, the transmitter or recipient’s very very first title); you might not gather some other private information either through the transmitter or even the receiver, including persistent identifiers that monitor the consumer with time and across sites. More over, so that you can fulfill this one-time contact exclusion, your e-card system should never enable the transmitter to enter her complete name, her e-mail address, or even the recipient’s complete name. Nor may you permit the transmitter to easily type messages either in the topic line or in any text industries associated with the e-card.

Finally, you ought to deliver the e-card straight away and immediately delete the recipient’s email address soon after giving. Then this collection parallels the conditions for the Rule’s “multiple contact exception” for obtaining verifiable parental consent if you choose to retain the recipient’s email address until some point in the future (e.g., until the e-card is opened by the recipient, or you allow the sender to indicate a date in the future when the e-card should be sent. In this situation, you have to gather the sender’s parent’s e-mail target and supply notice and a chance to opt away to your sender’s moms and dad ahead of the e-card is delivered. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n.222.