Since April 2000, the Children's Online Privacy Protection Act has been in place in the United States to regulate and control the collection of personal information about people less than 13 years old. The act covers methods of collection, storage, use and disclosure of personal information relating to children permissible by organizations and individuals within U.S. jurisdiction. Under the Children's Online Privacy Protection Act, companies found in violation can face steep fines.
Businesses, organizations and services are often eager to gather details about their consumers, looking for ways to improve products, increase sales or otherwise gain an advantage over competitors. Companies catering to the children and preteen markets are no exception. Through techniques such as surveys, contests or club memberships, they might gather customers' names and addresses, phone numbers, email addresses and other personal details.
The Children's Online Privacy Protection Act requires that anyone collecting information on children to provide a detailed privacy policy. This policy must clearly outline what information is required, how the information will be used, who will have access and whether the information will be shared with other individuals or organizations. Only relevant details are to be collected, such as the minimum information required to participate in a contest, game or similar activity. A link to the privacy policy is required on any web page where details are requested. Verifiable parental permission is required before any information can be collected.
Organizations are required to inform children and parents if they intend to share information with third parties. Permission also is required to share details, and parents or children can opt out if desired. Organizations also must provide options to remove personal details from the database on request and to opt out of future surveys, data collection, emails or promotions.
Oversight and enforcement of the Children's Online Privacy Protection Act falls to the U.S. Federal Trade Commission (FTC). The act was designed to encourage self-regulation within the business community. This safe harbor provision allows groups to apply for approval on self-regulatory guidelines and procedures. Violations of these guidelines would be dealt with through the safe harbor organization. Only when these disciplinary actions fail would FTC enforcement be required.
Only websites with an audience of children fall under the provisions of the Children's Online Privacy Protection Act. Sites directly targeting children and general websites that appeal to children are affected, and the act does not apply to other sites. As a U.S. law, the Children's Online Privacy Protection Act is somewhat limited in its global effectiveness, but the act does apply to foreign websites targeting children within the U.S.