The Children’s Online Privacy Protection Act (COPPA) was originally enacted in 1998 as a way of protecting kids online. Updated in 2013, COPPA makes it illegal for commercial websites to collect identifying information about kids under the age of 13 without verifiable parental consent. The University of Alabama complies with the requirements of COPPA. Certain University sponsored events including summer youth programs, camps, tours and similar activities may include participants under the age of 13. University events or other activities which specifically exclude the participation of children under the age of 13 or, those where the participants’ information collection is not done online, are not required to comply with COPPA. In all cases, however, the events managers and website operators should be familiar with the law’s requirements.
The key COPPA requirements for UA are:
- The institution must post an online privacy statement describing its information practices for personal information collected online from any persons under age 13.
- Events Managers, Program Directors, and other website operators must provide direct notice to parents of the operator’s practices with regard to the collection, use, or disclosure of personal information from persons under 13, including notice of any material change to such practices to which the parents has previously consented.
- Events Managers, Program Directors, and other website operators must obtain verifiable parental consent to any collection, use, and/or disclosure of personal information from persons under age 13.
- Events Managers, Program Directors, and other website operators must provide means for a parent to review the personal information collected from their child and to refuse to permit its further use or maintenance.
- Events Managers, Program Directors, and other website operators must have procedures to protect the confidentiality, security, and integrity of the personal information collected from children under age 13, including by taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security.
- Events Managers, Program Directors, and other website operators must retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
- Events Managers, Program Directors, and other website operators operators may not condition a child’s participation in an activity on the child providing more information than is reasonably necessary to participate in that activity.
For assistance with any of these requirements, or any other privacy related questions, please contact CERA at 205-348-2334 or cera@ua.edu.