Operators of commercial websites that collect personal information from children or minors are subject to an increasing number of strict requirements under Federal and State laws and regulations, or that result from enforcement actions by the Federal Trade Commission, the State Attorneys General, and other agencies.
The United States is one of the few countries that pay special attention to the protection of children and minors’ personal data. Federal and state laws and regulations have been passed, and are continuously revised or expanded, in order to address the technological and cultural developments that affect the collection and processing of personal data about children and minors, such as the use of social media or the explosion of the mobile computing technologies.
The collection of children’s personal data is regulated primarily under the Children Online Privacy Protection Act (COPPA) and its related regulations. For example, website operators must notify parents and obtain their consent before collecting, using, and disclosing any personal data of children under 13. The Federal Trade Commission has assessed several $1 million fines against companies that collected or processed children personal data in violation of applicable laws.
The FTC is currently working on proposed regulations that will update the existing guidelines and regulations, and take into account the technological and cultural changes of the past ten years, in order to help website operators comply with COPPA and the FTC COPPA Rule, and ensure better protection of children and minors.
Federal and State Unfair and Deceptive Practices Acts are also frequently used to prosecute websites for their aggressive or careless practices in the handling of children and minors’ personal data.
In addition, several state laws regulate the use of children and minors’ personal data, such as in connection with the promotion of the sale of illegal or restricted substances.
State Attorneys General have prosecuted websites that illegally collected information about children. They have also initiated significant enforcement actions against social networking sites for their lax policies, requiring them to adopt specific measures intended to shield minors from child predators and sex offenders.
We regularly represent companies that operate websites that collect and use personal data of children and minors. Examples of projects include:
- Counseling companies on the requirements of COPPA and its regulations in connection with the proposed website directed towards children;
- Conducting website audits, in order to assess compliance with COPPA requirements and other applicable data protection laws;
- Drafting privacy policies and related materials required for a website to comply with its obligations under COPPA and other obligations;
- Preparing training material for client personnel, in order to explain the requirements of COPPA and other applicable laws;
- Conducting a global survey of applicable child data protection laws;
- Commenting on proposed regulations and requests for comments from the Federal Trade Commission.