Enacted in 1998, the Children’s Online Privacy Protection Act (COPPA) was developed to protect online users under the age of 13 by prohibiting Web sites from collecting their information and allowing third parties to track user behavior across the Internet. However, in the nearly 20 years since the COPPA legislation, remaining in compliance remains a challenge for many online publishers.
Surprisingly, it’s often the case that online publishers can be in violation of COPPA without even knowing it. This is because, without a thorough understanding of what COPPA regulations entail, it’s easy for publishers to get caught in the nebulous gray space of whether their site(s) require compliance and what that means.
For example, a 10-year-old can visit ESPN.com and NickJr.com, but ESPN is not a children’s site; Nick Jr. is.
Largely, the factor that distinguishes a site that needs to uphold COPPA guidelines from one that does not, is intent. If the intent of the site is to reach children (think, math lessons, reading games, sites based off children’s toys and programming), it needs to be compliant.
However, this is often not as straightforward as it might seem.
A site like Lego, for example, is not specifically aimed at children, but a certain percentage of the audience is likely to be under 13. In a case like this, publishers should do their due diligence and invest in analyzing traffic breakdown and content of the site in order to avoid fines down the road.
Best practices would suggest that if a site is directed to kids, or if the majority of users are under 13, publishers need to be following all COPPA guidelines.
Understanding all regulations that comprise COPPA compliance can be difficult to navigate. As a result, many publishers that reach children under 13 just turn off their ads. While this is one method for ensuring compliance, these publishers are significantly under monetizing their properties.
Instead of just turning ads off completely, there are some best practices for publishers to continue to monetize their sites while remaining aligned with COPPA regulations:
Look to partner with COPPA compliant ad rep firms. An important caveat related to COPPA is that it only prohibits the collection, sharing and tracking of information for users under 13. It has no jurisdiction over the content of the ads themselves.
In working with ad partners that are themselves compliant and also have standards in place for ad quality, publishers can focus on creating quality content while ensuring brand control and safety, as well as COPPA compliance.
While it’s obvious that children’s sites should not be engaging in activities that are in blatant violation of COPPA, such as collecting user emails, when site intent is less defined, the tactics for ensuring COPPA become a bit more nuanced.
For example, virtual worlds/game sites can reach a variety of ages. For that reason, many adopt sign up/login policies that collect birthdate and then serve ads accordingly. The system knows when a user is under 13 and only serves compliant ads.
Ensuring COPPA compliance is a complex and nuanced undertaking, but as today’s generation of children have been raised on the Web, publishers that ignore or fail to understand COPPA can face serious consequences, both monetarily and in terms of brand reputation.
The first and most important step online publishers can take is determining intent. If a site’s content is directed toward children under 13, publishers must take the necessary steps to ensure they are not collecting user data.