What is COPPAOnline privacy is an important concern for people of all ages, especially in the Digital Age, but it is perhaps most important when it comes to the most vulnerable digital citizens: children. Parents must fight an uphill battle when it comes to their kids’ privacy, considering how connected nearly every aspect of life is these days — from voice-activated light bulbs to interactive, Internet-connected toys to apps geared specifically toward children as young as a few months in age. Although there are legal protections in place to keep the privacy of young children safe, not every company adheres to them as stringently as they should.

A recent class-action lawsuit filed in northern California against the Walt Disney Company serves as a prime example of this. The lawsuit alleges that 42 game apps distributed by the company and its partners violated the Children’s Online Privacy Protection Act (COPPA) by collecting and sharing children’s data without requesting or acquiring parental consent. This isn’t the first time Disney has been the subject of a COPPA violation suit, and it’s far from the only company which has found itself in hot water with the FTC for this reason. But what is COPPA in the first place, who (and what) does it protect and what is a parent’s role in all of this?

What is COPPA?

First enacted in 1998, the Children’s Online Privacy Protection Act, known as COPPA, is a law which outlines a set of rules that Internet-connected entities must follow when it comes to the data of children under the age of 13 who use their services. COPPA spells out what websites must include in their privacy policy, how to seek verifiable consent from a parent before collecting or using children’s personal data and what responsibilities they have when it comes to protecting children’s privacy and safety online. Any website that is directed at children under 13 which collects any sort of data about its users must adhere to COPPA, which is enforced by the FTC. These rules ensure that the personal information of children using a website (or other Internet-connected entity, such as the mobile apps at the center of the Disney lawsuit) is not collected or used without their parent giving informed consent.

How does COPPA protect kids online?

Since its inception, COPPA has undergone a series of changes over the years to accommodate for the ever-changing and expanding landscape of online communications. The original version of the law protected a child’s full name, mailing address, email address, phone number, social security number and any other potentially identifying information (e.g., hobbies). In 2013, COPPA was updated to cover the collection of photos, videos, audio recordings, usernames, IP addresses, location data and unique identification numbers associated with specific devices. Further revisions in June of this year take into account voice-activated devices and Internet of things devices, such as connected toys. In addition to websites and mobile apps, COPPA covers gaming platforms, social networks and voice over Internet protocol (VoIP) services which are specifically directed at children under 13.

Are there times COPPA doesn’t apply?

A good number of sites frequently used by kids, such as YouTube and Facebook, are not required to adhere to COPPA because they are meant for use by people ages 13 and older. The terms of service for many of these websites specifically stipulate that nobody under 13 can sign up for an account or participate, but that doesn’t necessarily mean there aren’t any children doing so anyway. Unfortunately, it’s easy to falsify a birth date when signing up for something without anyone being the wiser, and many children will do so if they are able to. However, since these websites are not knowingly collecting the data of children under 13, COPPA does not apply in this scenario. As an aside, some parents might wonder why children ages 13 and older are excluded from COPPA. According to the FTC, children under 13 are particularly vulnerable to online marketers and don’t have the capacity to understand the privacy and safety implications of sharing data online — though that isn’t to say that teenagers aren’t also vulnerable, just that they have a better ability to make smart decisions than their younger counterparts.

What can parents do to protect their children?

Although most child-oriented websites maintain strict adherence to COPPA, as lawsuits such as the one discussed in this post show, that’s not always the case. Furthermore, since the law does not apply to any website which is not specifically directed at children, it’s important for parents to fill in the gaps by monitoring what their kids do online. The dangers of your child’s data falling into the wrong hands can be devastating, as child identity theft is a real danger, and even if it’s simply being sold to third-party marketing companies, that’s still a privacy violation that most parents probably don’t want their child exposed to. It can be hard to know every single digital step your child takes, but there are ways to keep up. Utilizing built-in parental controls on devices, apps and websites can go a long way toward ensuring your kids don’t access things they shouldn’t. Dedicated parental control software can also be helpful, especially when it comes to preventing kids from accessing websites that don’t offer COPPA protection. In the event that you discover a website or app is in violation of COPPA, you can file a complaint with the FTC to notify them of the violation.

A parent’s job is never-ending when it comes to keeping their kids safe both online and offline. Follow our parental controls blog for more tips and information on how to stay on top of it.