Search form

COPPA Plea: Keep Kids Safe Online

The Children's Online Privacy Protection Act (COPPA) requires Web site operators to obtain verifiable parental permission to collect personal information from children younger than 13. How will that affect the online activities students participate in at school? Education World has the answers! Included: Online resources to help you and your students understand the issues -- and the law!

The Children's Online Privacy Protection Act, a law designed to ensure the online privacy and safety of children younger than 13, went into effect on April 21, 2000. The law states that

  • Children younger than 13 cannot be required to give out more information "than is reasonably necessary" to participate in a site's activities.
  • Web site operators must obtain parental permission to collect personal information from children younger than 13.
  • Parents have the right to know what personal information is being collected and how it will be used.
  • Parents have the right to review any information collected, determine whom it can be given to, and/or have the information deleted.
  • Parental permission must be verifiable.



Parental permission is the key to COPPA. According to Dean Forbes, an attorney for the Federal Trade Commission (FTC), which is responsible for enforcing COPPA, parental permission may be verified in a number of ways. According to Forbes, a sliding-scale approach will be in effect for the next 18 months, and reliability standards will vary, depending on what information is being collected and how that information will be used. Sites that don't share collected information with third parties will be allowed to accept e-mail verification, but sites that provide communications services -- such as e-mail, chat rooms, and message boards -- must use more reliable verification methods.

Acceptable verification methods, Forbes said, include the following:

  • the "print and send" method, in which a parent prints a permission slip posted at the site, signs it, and returns it to the site operator by snail mail;
  • a toll-free number staffed by trained personnel, which parents call to provide verbal permission;
  • a parent's credit card used during a transaction;
  • a digital signature, using an encryption method provided by the Web site operator;
  • an e-mail accompanied by a PIN or password obtained by one of the verification methods listed above.

Web site operators can be fined $10,000 for each child who submits identifiable personal information without a parent's permission.



Which sites aren't affected by COPPA? The law also requires Web sites that target children younger than 13, or know they are collecting information from children younger than 13, to prominently post a privacy policy that explains

  • what information is being collected;
  • who is collecting the information -- including company contact information and the names of Web operators collecting the data;
  • how collected information is used, whether the information is offered to third parties, and relevant information about the third party;
  • the parents' rights as specified in COPPA as well as an explanation of how to exercise those rights.



What are the schools' responsibilities concerning COPPA? Students younger than 13 must have verifiable parental consent to provide personal information to Web sites -- whether they provide that information from home or from school. According to Forbes, however, schools can obtain parental consent for all students and then pass on that consent by proxy to Web site operators.

"When a school grants a Web site permission to collect personal information -- by permitting students to participate in online projects or activities in which they provide personal information, for example -- the Web site operator can assume that the school has obtained the necessary parental permission," Forbes said. Most schools' acceptable use policies require written parental consent for Internet use. Under COPPA, if students might be asked to provide personal information to Web sites, that parental consent must also specifically include permission for students to provide personal information. Permission to simply use the Internet is not enough.

In addition to complying with the letter of the law, teachers should make sure that the sites their students visit have prominently displayed, clearly stated privacy policies that meet COPPA's requirements. They should also educate their students about online safety and privacy issues.

"COPPA doesn't limit children's access to information," Forbes said. "It limits Web site operators' ability to get information from children."

Linda Starr
Education World®
Copyright © 2000 Education World


Related Articles from Education World