COPPA RULE
PART 312—CHILDREN’S ONLINE PRIVACY PROTECTION RULE
This part implements the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501, et seq.), which prohibits unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the internet.
| COPPA Requirement | Company Policy Provision |
|---|---|
| Applicability & Scope | |
| Applies to operators of commercial websites and online services directed to children under 13, or operators who have actual knowledge they are collecting personal information online from a child under 13. | See Privacy Policy, Children's Privacy |
| Verifiable Parental Consent | |
| Must obtain verifiable parental consent before collecting, using, or disclosing personal information from children under 13, unless a limited exception applies. | See Terms Of Use, School Addendum, Section 1 |
| School Consent Exception | |
| An operator may rely on consent from a school, acting as the parent's agent, provided the operator uses the student's information only for the educational context and for no other commercial purpose. | See Privacy Policy, Individual Data; Security Statement, Section 2 |
| Direct Notice to Parents | |
| Must provide parents with a direct notice of the operator's information practices before collecting information from their children. | See Security Statement, Section 3.2 |
| Online Privacy Policy | |
| Must post a clear and prominent link to a privacy policy that describes the operator's information practices for children's personal information. | See Privacy Policy |
| Data Collection & Use Limitations | |
| Must not condition a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate. | See Security Statement, Section 2 |
| Parental Rights to Review and Delete Data | |
| Must provide parents, upon request, with a means of reviewing the personal information collected from their child and a means to refuse further use and request deletion of the information. | See Privacy Policy, Access to Individual Data; Security Statement, Section 3.1 and Section 6 |
| Data Security | |
| Must establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. | See Privacy Policy, How We Store and Protect Your Information; Security Statement, Section 5; Information Security Policy (AUP) |
| Data Retention | |
| Must retain personal information collected online from a child for only as long as is reasonably necessary to fulfill the purpose for which the information was collected. | See Security Statement, Section 6, "Removal of RECORDS"; Data Management Policy |
