COPPA & Making An App For Kids
Making a website or app can take a tremendous amount of time, planning, and skill. But making an app for kids adds another layer -- compliance. What is COPPA? And what are the extra steps in maintaining a website or making an app for kids?
The Children's Online Privacy Protection Act (aka "COPPA")
Online services that collect information from children under the age of thirteen are required to comply with COPPA. COPPA spells out what operators of websites and online services must do to protect children’s privacy and safety online. The law is enforced by the FTC. (Luckily, the FTC has published a six-step compliance plan here). Your site or app might fall into COPPA territory if:
- You're a "website or online service." If you send or receive information online, you're in "website or online service" territory. This includes gaming platforms, plugins, and location-based services.
- The app or website is "directed to children." The FTC considers various factors -- including things like the platform's subject matter, the visual content, the use of animated characters or child-oriented activities and incentives, music or other audio content, the age of models used within the site, and language or other characteristics of the site -- to determine whether a website is "directed to children." Even if your site is directed to a general audience, COPPA could apply -- in that sense, it's not just for kids' sites and apps.
- You use online tools to collect kids' info. If a third-party plugin, platform, or company collects a child's personal information, that counts. In other words, it counts even if you're not technically the one collecting the information.
Under COPPA, once a website is determined to be "directed to children," you cannot block children from participating all together. (Even if children are not your intended primary target.)
Making an App for Kids & Complying with COPPA
If you're making an app for kids or a platform that is likely to attract children, there are some hoops to jump through in order to comply with the law. Those hoops include, but are not limited to, the following:
- Adopt -- and adhere to - -a strict privacy policy. A COPPA-compliant privacy policy, that is. It should notify users of your information collection, use, and disclosure practices. Further, the link to the privacy policy must "clearly and prominently" appear on the home page. The link must also be in close proximity to each area in which there is a request for information or option for a child to create an account.
- Obtain verifiable parental consent. If your platform collects any personal information from a child, you must first obtain verifiable parental consent. (That is, unless your collection activities fit into an exception). The mechanism for obtaining parental consent must be reasonably calculated to ensure that the person providing consent is, in fact, the child's parent (and not a child attempting to register).
- Give parents a choice. Parents should have the option to access their child's personal information, and the opportunity to delete the child's information or prevent further use or online collection of the information.
- Get what you need. Be sure to collect only the personal information reasonably necessary for a child to participate in the platform.
- Lock it down. Create and maintain security measures that protect users' information.
The Point: Whether you're creating a website community that might attract kids, or making an app for kids, be sure to familiarize yourself with COPPA and ask the important questions.