A court can hold operators who violate the Rule liable for civil penalties of up to ,654 per violation.

The amount of civil penalties a court assesses may turn on a number of factors, including the egregiousness of the violations, whether the operator has previously violated the Rule, the number of children involved, the amount and type of personal information collected, how the information was used, whether it was shared with third parties, and the size of the company. In addition, certain federal agencies, such as the Office of the Comptroller of the Currency and the Department of Transportation, are responsible for handling COPPA compliance for the specific industries they regulate.

The amended Rule defines personal information to include: The amended Rule, which goes into effect on July 1, 2013, added four new categories of information to the definition of personal information.

In some circumstances, this may mean that children are able to register on a site or service in violation of the operator’s Terms of Service.

If, however, the operator later determines that a particular user is a child under age 13, COPPA’s notice and parental consent requirements will be triggered.

The following FAQs are intended to supplement the compliance materials available on the FTC website. COPPA required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy.

In addition, you may send questions or comments to the FTC staff’s COPPA mailbox, Coppa Hot [email protected] The Commission’s original COPPA Rule became effective on April 21, 2000.

You might also choose to consult with one of the Commission-approved COPPA Safe Harbor Programs or seek the advice of counsel. If you wish to keep your online privacy policy simple, you may include a clear and prominent link in the privacy policy to the complete list of operators, as opposed to listing every operator in the policy itself. In fact, the FTC Staff Report, Mobile Apps for Kids: Disclosures Still Not Making the Grade (Dec. The amended Rule significantly changed the format and content of the information that must be included in an operator’s direct notice to parents.

COPPA expressly states that the law applies to commercial websites and online services and not to nonprofit entities that otherwise would be exempt from coverage under Section 5 of the FTC Act. Although nonprofit entities generally are not subject to COPPA, the FTC encourages such entities to post privacy policies online and to provide COPPA’s protections to their child visitors. You must ensure, however, that your privacy policy signals parents to, and enables them easily to access, this list of operators. 2012) notes that “information provided prior to download is most useful in parents’ decision-making since, once an app is downloaded, the parent already may have paid for the app...” p. Further, if a child-directed app were designed to collect personal information as soon as it is downloaded, it would be necessary to provide the direct notice and obtain verifiable consent at the point of purchase or to insert a landing page where a parent can receive notice and give consent before the download is complete. This advice remains in effect under the amended Rule. The Rule now provides a very detailed roadmap of what information must be included in your direct notice depending upon what personal information is collected and for what purposes.This document represents the views of FTC staff and is not binding on the Commission. PARENTAL ACCESS TO CHILDREN’S PERSONAL INFORMATIONK. The Commission issued an amended Rule on December 19, 2012. The primary goal of COPPA is to place parents in control over what information is collected from their young children online.To view the Rule and compliance materials, go to the FTC's COPPA page for businesses. GENERAL AUDIENCE, TEEN, AND MIXED-AUDIENCE SITES OR SERVICESH. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet.Marketing Your Mobile App: Get it Right From the Start. The Commission does not consider ‘clear and prominent’ a link that is in small print at the bottom of the home page, or a link that is indistinguishable from a number of other, adjacent links.” mandate that a privacy policy be posted at the point of purchase; rather, the Rule requires that it be posted on the home or landing screen.These materials can provide you with helpful guidance. The amended Rule states that the “operator must post a prominent and clearly labeled link to an online notice of its information practices with regard to children on the home or landing page or screen of its Web site or online service, at each area of the Web site or online service where personal information is collected from children.” 16 C. However, there is a substantial benefit in providing greater transparency about the data practices and interactive features of child-directed apps at the point of purchase and we encourage it as a best practice. The Rule requires operators to make reasonable efforts, taking into account available technology, to ensure that a parent of a child receives direct notice of the operator’s practices with regard to the collection, use, or disclosure of personal information from children, including notice of any material changes to practices to which the parent previously consented.Information about the FTC’s COPPA enforcement actions can be found by clicking on the Case Highlights link in the FTC’s Business Center.