Children's Online Privacy Protection Act

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law, located at 15 U.S.C. §§ 6501–6506 (Pub.L. 105–277, 112 Stat. 2681-728, enacted October 21, 1998).

The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites disallow underage children from using their services altogether due to the cost and work involved in the law compliance.

Background

The Federal Trade Commission (FTC) has the authority to issue regulations and enforce COPPA. Also under the terms of COPPA, the FTC designated "safe harbor" provision is designed to encourage increased industry self-regulation. Under this provision, industry groups and others may request Commission approval of self-regulatory guidelines to govern participants' compliance, such that website operators in Commission-approved programs would first be subject to the disciplinary procedures of the safe harbor program in lieu of FTC enforcement. As of 17 May 2013, the FTC has granted safe harbor to six companies: Aristotle, Inc., PRIVO, TRUSTe, ESRB, CARU, and iKeepSafe.

Online Privacy Protection Act

The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.

Requirements of the act

According to the act, the operator of a website must post a distinctive and easily found link to the website's privacy policy, commonly listed under the heading "Your California Privacy Rights". The privacy policy must detail the kinds of information gathered by the website, how the information may be shared with other parties, and, if such a process exists, describe the process the user can use to review and make changes to their stored information. It also must include the policy's effective date and a description of any changes since then.

The owner of a website can be subject to legal actions over OPPA within 30 days of being notified for not posting the privacy policy or not meeting the law's criteria. The owner could be faulted for his negligence, possibly even consciously, over his inability to comply with the act, which ultimately results to charges filed against him for this noncompliance.