How the New COPPA Requirements Are Bad for Businesses and Kids

The Children’s Online Privacy Protection Act gets tougher next Monday, and companies are scrambling to comply.

How the New COPPA Requirements Are Bad for Businesses and Kids

On July 1 the amended version of the Children’s Online Privacy Protection Act goes into effect. This update of the law that’s been on the books since 1998 affects any commercial operator of any website, mobile app, or location-based service with “actual knowledge” that they have users under 13, plus any plug-in that deals with such sites. It’s going to be bad for business and bad for kids.


The burden on companies not to collect, store, or share any personally identifiable information on children under 13 is greater than ever before, and penalties approach $16,000 per child user. You don’t have to be building an app specifically for kids in order to get slammed. In February, the social network Path after identifying a total of 3,000 child users. Ninety domestic and foreign companies received warning letters from the FTC in May that they may be out of compliance with the new rules.

The definition of “personally identifiable information” is broad. It’s not only names, home and email addresses, but has been updated to include geolocation data, photo, video, or audio of a child, and even IP addresses, which pretty much every website collects by definition.

The legal requirements for obtaining parental consent are highly involved and impractical, such as a video conference or having parents sign a form, scan and email in. Keeping kids off your site is not really practical either considering how high web and mobile use is among grade schoolers these days.

There are three likely consequences to the tightening of COPPA’s screws, none of which were intended.

The privacy protection racket will grow.

There are five different official safe harbor programs that sites can affiliate with to self-police, and a growing cottage industry of privacy lawyers offering advice on compliance.

Sites will simply look the other way.

“Actual knowledge” means you collect your users’ date of birth. Sites that don’t ask, or that promptly bounce everyone who states they’re under 13 may be safe. Of course, this nudge-and-wink policy gets us to a reality where 45 percent of 12 year olds are in fact using sites like Facebook, even if they have to lie to do it. Their data is being recorded and sold, with no enhanced protection of anyone’s privacy.


Kids will get fewer and lamer apps.

How would you like to try a version of Snapchat without photosharing? Yeah, we didn’t think so. The COPPA restrictions are bound to have a chilling effect on the development of educational apps and games.

[Image: Flickr user David Salafia]

About the author

She’s the author of Generation Debt (Riverhead, 2006) and DIY U: Edupunks, Edupreneurs, and the Coming Transformation of Higher Education, (Chelsea Green, 2010). Her next book, The Test, about standardized testing, will be published by Public Affairs in 2015.