IP Targeting and COPPA Compliance

What is COPPA? How does it affect online advertising and businesses on the World Wide Web?

COPPA Definition

The Children’s Online Privacy Protection Act of 1998 or COPPA is defined as “the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age.” (Source: Wikipedia) The law was passed by Congress in 1998 and took effect in April 2000. COPPA is administered and enforced by the Federal Trade Commission or FTC. New rules were introduced and took effect in July of 2013 to strengthen online and mobile privacy for children.

In 1998, the FTC conducted a survey of 212 websites and determined that 89 percent of them collected personal information from children. COPPA was created in response to the growing need to protect children from various security risks and minimize or eliminate their exposure to dangerous individuals online through chat rooms, email and bulletin boards. Simply put, COPPA aims to protect children while using the Internet by requiring parental consent before a website or mobile app, as well as third parties such as advertising networks, can collect personal and private information about a child.

Who Needs COPPA Compliance?

If you own and operate a website or mobile app that is directed toward children, and allow other services – such as YouTube videos or advertising networks – to gather personal information from visitors, then you are required to comply with COPPA. The law also affects general interest sites that collect information from children, whether or not the websites’ operators intend to do so or not. What this means is that you, as the website or mobile app owner and operator will be required to provide notice and get parental consent for any visitor or user who identifies themselves as under the age of 13 years, before you or a third party service can collect the child’s information.

According to the FTA, each of these is considered as personal information:

  • The child’s full name;
  • His or her home or other physical address, which includes street name and city or town;
  • Online contact information;
  • Screen or user name where it functions as online contact information;
  • Telephone number;
  • Social Security number;
  • Persistent identifier which can be used to identify a user over time and across various sites, such as cookie number, IP address, processor or device serial number, or unique voice identifier;
  • Photo, video or audio file containing the child’s image or voice;
  • Geolocation information sufficient to identify a street name and city or town; or
  • Other information collected from the child or parent that is collected from the child is combined with one of these identifiers.

IP Targeting – Do I Need COPPA Compliance?

The FTC explicitly states that IP addresses and geolocation data are considered as personal information. If you own and operate a website that collects IP and geolocation information and look at it from this standpoint, then it would appear that COPPA compliance applies to you. You should also ask yourself: Is your website or mobile app directed towards children under 13? If the answer is yes, then you will need to comply with COPPA. If not, then you won’t. However, given the complexity of COPPA, it doesn’t end there. If you have actual knowledge, (i.e. a child under the age of 13 years signed up for an account on your website or mobile app), then you must comply with COPPA even if your website or mobile app is not directed towards children. (Source: COPPALawAttorney.com)

If you are a business owner or an advertiser who wishes to market to children below the age of 13, you should refer to the COPPA Compliance Guide released by the FTC.