Webmasters must guard kids' privacy

"How to Comply With The Children's Online Privacy Protection Rule"

Not only is privacy a major issue on the Web for federal agencies, but particular emphasis is being given to children's rights to privacy in a Web-enabled world.

The Federal Trade Commission has a Web page for the Children's Online Privacy Protection Act (COPPA) that provides a guide on COPPA and a summary of most of the key issues related to children's privacy.

The page explains that COPPA, which became effective April 21, 2000, applies to the online collection of personal information from children under 13. "The new rule spells out what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent and what responsibilities an operator has to protect children's privacy and safety online," the page explains.

Although COPPA is aimed primarily at commercial Web sites that collect information from children, the law states that any "general-audience Web site" must comply with COPPA.

The key threshold question is whether the Webmaster or program office knowingly collects personal information from children. Any Web site that collects information from, encourages visits from, or provides information of general interest to children should take a hard look at COPPA.

You will, of course, need to coordinate with your legal office on what is proper in view of COPPA. Particular attention should be paid to the use of cookies and to statistics gathered on Web pages that include children's participation.

The FTC has the overall responsibility for compliance with COPPA and can bring enforcement actions.

Your privacy policy and procedures need to be updated to address COPPA. Because of the sensitivity of any issue involving children, COPPA issues should move to the forefront of your Webmaster's priorities.

In addition, you should tailor a specific privacy policy that applies to your home page for children. Look carefully at the requirements for parental consent regarding the collection of any information involving children.

I highly recommend viewing the FTC's Kidz Privacy site for guidance on what is appropriate and inappropriate. Also, review the FTC privacy statement for what is appropriate for a privacy statement.

A search at the FTC site for "COPPA" or other keywords related to privacy statements for children brings up interesting text from many privacy associations.

—Kellett is founder of the Federal Web Business Council, co-chairman of the Federal WebMasters Forum and is director of GSA's Emerging IT Policies Division.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.