If you operate a website, game or app you should consider whether the U.S. Children’s Online Privacy Protection Act (COPPA) applies to your data collection practices. Even if you complied with COPPA in the past, it is surprisingly easy to violate in the future when the development team adds new features without running them by legal counsel.
1. if directed to children under 13 and you collect personal information from them;
2. if directed to children under 13 and you let others collect personal information from them;
3. if you have a general audience, but actually know that you collect personal information from children under 13; or
4. if you operate a plug-in or other third party service, and have actual knowledge that you collect personal information from websites, games or apps directed to children under 13.
What is personal information? Personal information is information that can identify a user, such as their full name, email address (or other persistent online identifier), image, voice or geolocation data.
How do you know if your website, game or app is directed at children under 13? A number of factors are considered, such as subject matter, content, whether animated characters are used, child-oriented activities or incentives, ads directed at children or any other evidence regarding the age of the actual or intended user base.
Can I use an age screen? Maybe (my apologies for the typical lawyer answer). Age screens are permitted if the service does not target children as its primary audience. The determination of primary audience is (once again) a factor-oriented analysis.
Penalty? Penalties depend on a number of factors, but each violation can cost up to $16,000.
COPPA will not always apply to your website, app or game but you should consult legal counsel to determine whether COPPA applies. Additionally, before adding any new features that collect personal information, consult with legal counsel once again to ensure that these new features don’t implicate COPPA.