Age Verification Providers Association’s Post

The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law enacted in 1998 and enforced by the Federal Trade Commission (FTC). The primary goal of COPPA is to protect the privacy of children under the age of 13 when they are online. Here are the key aspects of COPPA: Key Provisions: Parental Consent: Websites and online services that collect personal information from children under 13 must obtain verifiable parental consent before collecting, using, or disclosing such information. Privacy Policy: These sites and services must post a clear and comprehensive privacy policy detailing their information practices, including the types of personal information collected, how it is used, and whether it is shared with third parties. Data Minimization: Collect only as much personal information as is reasonably necessary to participate in the website or service. Parental Rights: Parents have the right to review their child's personal information, direct the website or service to delete it, and refuse to permit any further collection or use of the child's information. Security: Reasonable measures must be taken to protect the confidentiality, security, and integrity of the personal information collected from children. Enforcement and Penalties: The FTC enforces COPPA and can impose civil penalties for non-compliance. Penalties can be substantial, reaching up to thousands of dollars per violation. Recent updates and changes in enforcement have increased the scrutiny on digital platforms, especially with the rise of apps and social media. Impact and Updates: COPPA has undergone several updates to address the evolving digital landscape, including amendments in 2013 that expanded the definition of personal information to include geolocation data, photos, videos, and audio files containing a child's image or voice. The law continues to influence how digital services are designed and operated to ensure the protection of children's privacy online. Challenges and Criticisms: While COPPA has been praised for its role in safeguarding children's online privacy, it has also faced criticism. Some argue that it places a heavy burden on small businesses and stifles innovation. Others point out that enforcement can be challenging due to the global nature of the internet and the difficulty in verifying users' ages. Overall, COPPA remains a critical framework for protecting children in the digital age, requiring ongoing adjustments to keep pace with technological advancements and changing online behaviours. #COPPA

🎃 Don’t Let Children’s Data Privacy Give You a Fright in 2024! 👻🕸️ Some big changes are creeping up on businesses handling children's data, and they’re not to be taken lightly. 😱 👦🛡️ The Children’s Online Privacy Protection Act (COPPA) is getting a major upgrade. Expect stricter rules on collecting, storing, and using data from kids under 13. More parental consent and robust security measures are becoming mandatory. Don’t let your company be caught unprepared! 🧛♂️ 💀 California’s Age Appropriate Design Code Act (CAADCA) is even spookier. If it takes effect, companies will need to: 🧟♀️ Estimate users' ages and set default privacy protections for minors. 🎃 Ban harmful data practices, like selling personal info or tracking kids’ locations. 🕷️ While these updates sound scary, they’re critical for protecting young users and maintaining compliance. So, don’t get tricked by ignoring these changes—treat your business to the right privacy tools and stay ahead of the game! 🍬 Is your company ready for the new rules? 👻🔐 #DataPrivacy #Halloween #COPPA #CAADCA #TechCompliance #RegulatoryChanges

💫Understanding COPPA: Safeguarding Children's Privacy In today's digital age, protecting the privacy of young users is paramount. The **Children's Online Privacy Protection Act (COPPA) stands as a crucial legal framework in the United States, specifically designed to safeguard the privacy and personally identifying information of children under the age of 13 who engage with online services. As professionals in the tech industry, it's essential to comprehend the key provisions of COPPA and the implications for businesses. 💫Key Provisions of COPPA 1. **Parental Consent**: Websites and online services must obtain **verifiable parental consent** before collecting personal information from children under 13. This consent ensures that parents are aware of the data being collected and have the opportunity to control it. 2. **Notice**: Operators must provide clear and concise **privacy policies** that explain what information is collected, how it's used, and how parents can review and delete it. Transparency is critical to building trust with users and their families. 3. **Limited Data Collection**: COPPA restricts the collection of personal information from children, including names, addresses, phone numbers, and geolocation data. Companies must tread carefully and avoid overstepping these boundaries. 4. **Security Measures**: Operators are obligated to implement **reasonable security measures** to protect children's data. Robust encryption, access controls, and secure storage are essential components of compliance. 5. **COPPA Safe Harbor Programs**: Industry groups can create **self-regulatory programs** that align with COPPA requirements. These programs provide a framework for compliance and demonstrate a commitment to protecting young users. 💫Examples of Violations 1. **Google**: In 2019, YouTube (owned by Google) was fined $170 million for collecting personal information from children without proper parental consent. The platform's targeted ads violated COPPA guidelines. 2. **TikTok**: Formerly known as Musical.ly, TikTok settled for $5.7 million in 2019. The app failed to obtain verifiable parental consent for its younger users, highlighting the importance of due diligence. 3. **Girls' Life**: In 2016, Girls' Life magazine paid $250,000 to settle allegations of collecting personal information from children without proper consent. Email addresses and other details were at stake. 4. **Lisa Frank, Inc.**: Known for whimsical designs, Lisa Frank faced an FTC complaint in 2016. Their website collected personal information from children without proper consent, leading to a $50,000 settlement. As professionals, we play a vital role in ensuring COPPA compliance. By respecting children's privacy, implementing robust practices, and staying informed about legal requirements, we contribute to a safer online environment for the next generation. Let's continue to uphold these standards and protect our young users!

HOW TO BALANCE USER INTEGRITY AND CHILD PROTECTION ON ADULT-ORIENTED WEBSITES 🪪In the state of Georgia, a new law is being prepared that will force websites that show adult content, including pornography, to do a biometric-aided identity check before entering. 🔞The reason is to ensure that no underage visitors gain access to these sites. The wide availability of very explicit, unregulated content for minors in the Internet means that more states and countries will likely look at implementing similar measures. ☠️We are living through a period where we see considerable backlash against what many perceive as the drawbacks of user freedom and anonymity on the Internet, and we can expect similar moves also in other areas. 👮On the other hand, while restriction of harmful content is one prerogative with growing support, better privacy protection for Internet users is another. It is easy to see how biometric identity data tied to Internet browsing history can become a very powerful tool for everything from public shaming and cancellation attempts to attempts at curbing freedom by power-hungry states. Luckily, there is a technical solution to this dual-edged problem: Zero-knowledge proofs and independent third party verifiers: 🪪Imagine a service where a user can upload his/her ID document to a personal, encrypted vault, and then decide which data to share with third parties. ❓Upon entering a regulated site, the site asks for an age verification, and the user can respond whether or not he/she is above the age of 18, without sharing any additional information. 🛡️Once the user leaves the site, all records can be swiped clean, and the user can then enter at another time with a new session, not tied to the first. User integrity is protected. Let me know if you want to try a service like this live, today! 😄 https://lnkd.in/dtxBUqaS #identitysecurity #identityverification #integrity #ageverification

One of the best things you can do for your kids, is not create a digital signature for them. They should have the right to choose their own identity. One of the best things we can do as a technology industry, is to know where we put data about minors. Two more states will have consumer privacy rights in a few days on July 1, which means over 80 million people in the US can request their consumer privacy rights to be enacted. Lots of these 80 million are kids. Know where you've put their data as it requires special handling. Establish a special word that those closest to you know. In case someone using your voice calls a loved one asking for something. Or they get a text "from you" asking for something. This applies to our elderly as well. https://lnkd.in/grdzh8mf

Children's information and sharing it is top of mind for regulators, as we have been telling our clients for a while, and as we saw yesterday in a new CA AG $500,000 settlement with Tilting Point Media LLC (Tilting Point) for #CCPA and #COPPA compliance issues in mobile app game “SpongeBob: Krusty Cook-Off.” Practice points: Directed at children: 🔹 If you are aware that children under 13 are using your services - they are is directed to children. Saying in your terms of service and privacy policy that consumers under 13 are not authorized to use it - doesn't change this. Regulator 1, 2, 3: 🔹 CA AG will use every enforcement tool to ensure compliance with the law and that companies exercise diligence with privacy law requirements 🔹 If one regulator tells you that you are not compliant (here BBB National Programs CARU): assess your compliance with other laws you could be enforced against by another regulator Data minimization: 🔹 Don't collect more personal information than reasonably necessary for a child to participate. Mind your SDKs: 🔹An SDK facilitates data sharing that can be a sale (CCPA) and/or unfair/deceptive (FTC) and/or subject to COPPA just like any data sharing. 🔹 You need to know: what information each SDK collects; evaluate contracts re: sharing of data through them - making sure you have the right consent. 🔹 You may need a formal SDK governance framework. 🔹 Every year: assess data minimization and SDK usage. (ensuring data flows appropriately change based on the consumer's age). 🔹 Every year: conduct adequate training for personnel re sharing and SDKs Sale/share: 🔹 Disclose your sale and share correctly in your privacy notice 🔹 Don't sell/share personal information of under 13's without parental consent 🔹When you do sell/share: provide a just-in-time notice explaining what information is collected, the purpose, sale/share, link to privacy policy, & parental or opt-in consent required. [FTC also says this in BetterHelp] Mixed audience 🔹When using an age screen it has to be neutral. 🔹Neutral means: (1) ask age information in a neutral manner that does not default to a set age of 16 or above or encourage users to falsify age information; (2) not suggest that certain features will not be available; and (3) provide CLEAR AND CONSPICUOUS notice that the age entered should be accurate to the user and is collected to ensure data use and advertising is appropriate. 🔹If the person is under 13 or 16 - direct them to a portion of the service that doesn't use data other than as permitted by COPPA/CCPA or get parental / opt in consent For ads in your apps, make sure they are: 🔹Identified as being an ad; 🔹Include a prominent one-click “X” or “Close” button; 🔹Do not manipulate or deceive consumers into engaging 🔹Do not advertise activities/products in which children cannot legally engage/possess. #dataprivacy #dataprotection #privacyFOMO Complaint: https://rb.gy/enu19e Agreement: https://rb.gy/jq6lke

A topic we have talked about several times recently. Information Commissioner's Office are calling on 11 social media and video sharing platforms to improve their children’s privacy practices. Varying levels of adherence to the Children's Code were found, with some platforms not doing enough to protect children’s privacy. According to the ICO ‘The Children’s code (or the Age appropriate design code)’ contains 15 standards that online services need to follow. This ensures they are complying with their obligations under data protection law to protect children’s data online. As CSRB act as a certified and independent Data Protection Officer (DPO) for a number of Childcare service providers, this is an area we are particularly passionate about. If you provide information or other services to Children then please get in touch with us via info@csrb.co.uk for a free no obligation advice session regarding your Data Controller obligations under The Children’s Code. https://lnkd.in/epAYDbAg #ChildrensCode #DigitalSafety #DataProtection #OnlineSafety #CSRB

The Colorado AG has published proposed amendments to the CPA, here's what you need to know.... Biometrics - Businesses must implement Biometric Identifiers that detail the types of identifiers collected, the purpose for them, the retention period for, and whether such identifiers are disclosed to any third party. The AG’s proposal also requires businesses to obtain explicit consent from individuals before selling or disclosing biometric information, building on the opt-in requirement already featured. The new notice and consent requirements apply to all businesses that collect or process biometrics, even if they do not otherwise meet the CPA’s threshold. Children’s Privacy - The key piece here is heightened privacy protections for teenagers by applying the CPA requirements to minors (those under 18) in addition to children (under 13). Explicit consent is also a theme again, with it now being required before processing a minor’s data or before using any system design feature to significantly increase, sustain, or extend a minor’s use of an online service. #Privacy #CPA #ColoradoPrivacyAct

My opinion piece on respecting children’s privacy and ensuring their online safety “Children should enable privacy settings on social media. They need to know where their information is going and how it is being used. Even if a picture or video is deleted from the internet, it can still be viewed, or someone may have already taken a screenshot. Children need to be reminded of this. Parents have to know what apps, games, and social media platforms their children are using. Besides, parents have to consider whether their posts will cause their children to feel ashamed, embarrassed, anxious, or upset in the future. Can it harm their children? It is important to take care that no one can know about the daily routine from the posts. Geotagging (through which the physical location of a person can be derived from the internet) needs to be stopped. Privacy settings will be such that posts can only be seen by trusted friends and family members. They should be told not to share the posts. It is the responsibility of the state to formulate and implement the necessary laws and policies for child protection online. Internet service providers, mobile phone companies, and all those involved in information and communication technology must consider the best interests of children with utmost importance while developing products and providing services. States should hold them accountable for their actions and non-actions.” https://lnkd.in/gcg9HhzS

It wouldn’t be the holiday season without some breaking-news to give privacy professionals a little extra work over the holidays. Last year it was the COPPA NPRM. This year it’s a new draft of S.2073, the Kids Online Safety and Privacy Act (KOSPA), released by Senators Blackburn (R-TN) and Blumenthal (D-CT) last weekend. To help you understand what’s changed, here is an unofficial redline of changes to the Kids Online Safety Act (KOSA) portion of KOSPA. For a refresher on KOSPA, over the summer the U.S. Senate combined KOSA and the Children and Teens’ Online Privacy Protection Act (“COPPA 2.0”) into one bill and passed it 91-3. This new draft of the bill is intended to allay First Amendment concerns that have impeded progress in the House, where the bill has sat dormant since passing the Senate in July. What changed? The important changes happened in KOSA, so this redline is limited to just that Title of KOSPA. On top of lots of small changes throughout, the drafters tinkered with the bill’s duty of care and the role of the Kids Online Safety Council, which are two of KOSA’s more controversial elements. Does this mean KOSPA will pass? The signs are that it is unlikely that youth privacy legislation will move until the next Administration. In a statement on the updated text, Speaker Johnson said, “I have been and continue to be open to working on a solution that protects kids online while continuing to protect the free speech rights of all Americans. It’s essential to get this issue right and House Republicans look forward to working with the Trump Administration to get the right bill into law.”