What Entrepreneurs Should Know About the Laws Protecting Children Online As the FTC cracks down on non-compliant businesses, understanding the importance of children's online privacy and protection is even more important for small businesses.
By Peter Gasca Edited by Dan Bova
Opinions expressed by Entrepreneur contributors are their own.
These days, there are tens of millions of underage children online. By federal law, business websites are not permitted to collect data from children under the age of 13 without parental consent, though many inadvertently do.
Let's face it, it is not difficult to circumvent age-restricted websites by lying about your age, which somehow my neighbor's one-month-old girl has managed to do on Facebook. I have never seen so many baby selfies.
Children using the Internet and engaging online is a good thing, in my opinion, because exposing children to technology, especially the importance of understanding how it works, is an incredibly important skill for them to learn and master. It is also very dangerous for innocent young children who are subject to predators online, but also for legitimate businesses trying to operate ethically but not recognizing that they might be attracting young eyes to their websites.
Related: 10 Questions to Ask When Collecting Customer Data
Federal legislation to protect children online, called COPPA, or Children's Online Privacy Protection Act, was passed in 1998. It is fairly strict though straightforward, and as industries and advertisers continue to evolve, especially in the area of how to attract, interact with and monetize young online consumers, understanding the impact of COPPA on your business is crucial.
I struck a conversation with widely-cited online privacy expert, Denise G. Tayloe, the co-founder and CEO of PRIVO, an FTC-approved, neutral third-party COPPA Safe Harbor and identity and consent service provider and consultancy firm. I asked her to share tips for entrepreneurs and business managers who are looking to stay compliant with COPPA.
Get the proper parental consent
If you deal directly with children, you already understand the need to receive parental consent before engaging with a young audience, typically through registering with a parent's email. It is not enough, however, to simply send an email to a parent notifying them of their child's interest in your online service. Avoid COPPA violations by ensuring your notifications do not omit important information and links that could confuse the parent, and be sure to disclose all of the information you have collected to that point.
Also, it is important that you, as the online service provider, understand or consult an expert on the full level of consent required by the parents, which will depend on the content and features you offer.
Understand how to handle your audience.
If your site engages with older teens and adults with content sensitive to young viewers (under the age of 13), you need to understand more than just how to block younger users. it is wise to create an "age gate" that freely allows and encourages users to enter their true date of birth.
Notify users under the age of 13 that they are not eligible to join yet and always avoid stating that the legal age to join is 13 or older, which will simply encourage visitors to enter a false date. Will children figure out? Sure, but going to this measure assures you are making an effort to protect them.
Understand what constitutes personal identifiable information (PII).
Many businesses are unaware that photos, voice recordings and videos are all personally identifiable information, or information that can be used on its own or with other information to identify, contact or locate a single person or identify an individual in context. This type of information requires full verifiable parental consent.
Depending on the information you collect, including pictures and videos, and the level at which you allow your visitors to share, be sure you are in compliance with the level of consent you need for your younger users.
Assure your mobile app is COPPA compliant.
Developing a mobile app for your business is evolving into a necessity. Since app stores require COPPA compliance, understand the categories that are consider "child-facing," or readily available to underage children, to avoid rejection. COPPA requires app developers to provide a privacy policy link on the opening screen of a child-facing app, and Apple will not allow an app to be published in its "For Kids" category without a parent-gate.
Seek consent for new features and updates.
If you regularly update your website and mobile app with features and content, as almost every business does (and should), be certain to update the section in your privacy policy that addresses collection and use of information. Significant material changes require actions beyond just changing the date of your policy.
More than ever, children are online and consuming and sharing content. Without the proper understanding and preparation, you may violate the COPPA rules without even knowing it. The FTC recently started cracking down on companies that were non-compliant, in some cases levying fines as high as $1 million on companies such as Yelp and Amazon.
As Data Privacy Day approaches, and we all make an effort to raise visibility about the importance of protecting our vulnerable children online, take some time to at least least visit the COPPA website to review compliance requirements. If you market or interact with children in any way, it is worth considering consulting an expert and taking a leadership role in the cause.
Related: What Every Online Business Needs to Know About the Children's Online Privacy Protection Act