This law ensures that internet sites, edtech applications, and other digitally available learning tools for children incorporate the protection of privacy for children aged 13 years or less. Their personal data have to be concealed and be unavailable for harvesting or monetary gain. The law implements rules on the use of data about and from children under 13 that are more stringent than the laws governing data about older people. It also gives the parents the ability to monitor and approve some of the information shared by their children. COPPA adds a distinguished layer of privacy protection that organizations that traffic in personally identifying information have to deal with. Some websites try to avoid adhering to COPPA by completely banning young users. Other websites might not consider themselves to be appealing to children under the age of 13 and hence, not subject to COPPA’s rules. However, the Federal Trade Commission (FTC) may take a different approach based on a website’s content.

Business owners, who’re thinking about complying with COPPA, first need to figure out whether or not the law applies to them. If children under 13 aren’t a business’s primary audience, but its website still meets some of the criteria established by the FTC, the business needs to determine individual users’ age if it’s going to collect personalized data from them.

If a website is subject to COPPA’s regulations, it needs to do the following:

·         Post a comprehensive and clear online privacy policy mentioning its information practices for personal information (PI) collected online from under-13-year-olds

·         Make reasonable efforts to provide parents with direct notice of its practices concerning the collection, use, and/or disclosure of PI from children under 13, including notice to any material alteration to practices to which the parents have previously provided their consent

·         Get verifiable parental consent, with limited exceptions, before any collection, use, and/or disclosure of personal information from children under 13

·         Offer a reasonable means for parents to review the personal information collected from their children, and for them to refuse to allow its further use

·         Establish and maintain reasonable processes to protect the security, confidentiality, and integrity of the personal information collected from children under 13, including by following reasonable steps to release and disclose such personal information only to parties able to maintain its security and confidentiality

·         Retain personal information collected online from under-13-year-olds for only as long as it’s required to fulfill the objective for which it was collected and delete the data using reasonable measures to safeguard against its unauthorized use or access