How to legally engage with your website’s minor users

You run a successful website about coding where a main part of your business is to host a Q&A form to engage your users. Have you ever wondered about who those people are that you are engaging with? What if you know that one of those people asking a question is a minor? Are there any legal restrictions for dealing with minors online?

In recent years, the law has been catching up with the explosion of internet-based services. One main legal concern has been how to protect children in their online ventures. The main law to be concerned with in the area is the Children’s Online Privacy Protection Rule.

Children’s Online Privacy Protection Rule

In 2000, the Children’s Online Privacy Protection Rule (COPPA) came into effect. The rule’s purpose is to protect the personal information that online services collect, use, and disclose about minor children.

Two of the most important things to define here are the terms ‘minor’ and ‘personal information’. The rule defines ‘minor’ as children under 13 years old. Now, what counts as ‘personal information’? The rule defines it as individually identifiable information collected online, including:

1. A first and last name;
2. A home or other physical address including street name and name of a city or town;
3. Online contact information as defined in this section;
4. A screen or user name where it functions in the same manner as online contact information, as defined in this section;
5. A telephone number;
6. A Social Security number;
7. A persistent identifier that can be used to recognize a user over time and across different Web sites or online services. Such persistent identifier includes, but is not limited to, a customer number held in a cookie, an Internet Protocol (IP) address, a processor or device serial number, or unique device identifier;
8. A photograph, video, or audio file where such file contains a child’s image or voice;
9. Geolocation information sufficient to identify street name and name of a city or town; or
10. Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.

Who Must Comply With COPPA?

According to the FTC, COPPA applies to:

• “Operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children.”
• “Operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.”
• “Websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.”

Basically, if you operate any online business that is intended for a child, you know children access, or if you knowingly get information from another online service intended for children, COPPA applies to you. For example, you run an app that is about raising cartoon puppies or you run an informational website with Q&A’s and a user identified themselves as under 13 or you collect information from a website for children for advertising purposes, you will need to comply whether or not the information is provided voluntarily or not.

COPPA in Action

Now that we know a bit about the law, what about that minor user asking a question on your forum? The basic questions you want to ask yourself are:

1. Do you fall under COPPA regulations?
2. Do you have actual knowledge that the user is a minor?
3. Is personal information being collected, used, or distributed?
4. Yes to all of the above? COPPA applies!

In this instance, your website most likely falls under COPPA regulations even though the website is for a general audience since COPPA applies if the operator has actual knowledge that they are collecting, using, or disclosing personal information from children under 13. Now, in this case you DO have knowledge that the user is a minor, but is any personal information being collected, used, or distributed? That depends! If you are just using the question itself with no personal information, then COPPA probably won’t apply. If you do collect, use, or distribute such information, then you will need to comply with COPPA’s regulations.

COPPA Requirements

If you know that COPPA applies to you, what do you need to do?

1. Post a Privacy Policy that complies with COPPA on your website or online service that clearly states how personal information will be collected and used.
2. Notify parents directly before information about the minor is collected.
3. Receive parental consent before information about the minor is collected. This may be done in a manner of ways depending on how the information will be used including credit card information, email (plus email to parent and parent responds with consent), and toll free hotlines.
4. Honor parent’s ongoing rights regarding the minor’s information. For example, if the parent gives consent and then wants to know what information was collected, you should tell them.
5. Implement reasonable procedures to protect the minor’s information.

Even if COPPA doesn’t apply to you, these steps are often recommended anyways. They will go a long way in making your users happy.