The Children's Online Privacy Protection Act (COPPA) becomes effective April 21, 2000. Many companies are concerned about the potential for legal liability associated with the posting of privacy policies on their websites. The new regulations apply to the online collection of personal information from children under age 13.
In general, if you operate a commercial website or an online service directed to children under the age of 13 or if you operate a general audience website and have actual knowledge that your site collects personal information from children, you must comply with COPPA.
COPPA applies to individually identifiable information about children that is collected online, such as a child's full name, home address, email address, telephone number or any other information that would allow someone to identify or contact the child. COPPA also covers other types of information, such as hobbies, interests and information collected through cookies or other types of tracking mechanisms when such information is tied to individually identifiable information. In certain circumstances, COPPA requires prior verifiable parental consent. Further, the prominence of the posted privacy policy, including the font size and placement of the policy, is discussed in detail under the applicable regulations.
More broadly, the posting of privacy policies online has been the subject of recent lawsuits and legislative scrutiny. Please review your posted privacy policies and to consider whether these should be updated or revised. In addition, if you do not have a current privacy policy, please consider whether one should be added to your website pursuant to the new regulations. Please consider this issue not only in the context of what is legal, but also in the context of what is advisable in the marketplace.
COPPA is important new legislation. A copy of the Act can be found at 15 U.S.C. 6501-6505. A copy of the final regulations promulgated by the FTC can be found at 16 CFR Part 312.