Q. COPPA applies to "websites directed to children." What factors should I use to determine whether my website is targeted to children?

A. According to the Rule, the factors to use in determining whether your site is targeted to kids include subject matter, language, whether the site uses animated characters, and whether advertising on the site is directed to children. The Commission also considers empirical evidence regarding the ages of the site's visitors. These standards are similar to those for TV, radio and print advertising.

Q. My site is a general audience site that has a separate children's area. What are my COPPA obligations?

A. The portion of your website that is directed to children must be COPPA-compliant. The Rule requires that you post a prominent link to your privacy policy on the homepage of your children's area. In addition, it requires that you place a prominent link to your privacy policy near every area that asks for personal information from children.

You may have a separate privacy policy for the children's area of your website or a separate section within your general privacy policy that describes your information collection practices with respect to children. If you decide on a privacy policy with a separate section for your information practices regarding children, you'll need a link from the homepage of the children's area directly to the children's portion of the privacy policy. Or, state clearly at the top of the privacy policy that a specific section discusses the information practices regarding children.

Q. My site does not collect personally identifiable information from children - or anyone else. Do I still need to post a privacy policy?

A. COPPA applies only to websites that collect personal information from children. However, posting a privacy policy may reassure visitors about a website operator's information practices. Surveys show that most parents are uncomfortable with their children revealing any personal information on the Internet. As a practical matter, parents should be pleased to read your privacy policy and find out quickly that you don't collect personally identifiable information.

Q. COPPA is triggered by the collection of personal information from children. But the information I collect at my site is voluntary, not mandatory. Does COPPA apply?

A. Yes. Information collection is what triggers the Rule, whether it is voluntary or mandatory.

Q. Is it okay for the link to my privacy policy to be at the bottom of my home page?

A. As long as the link is "clear and prominent," it can be at the bottom of the home page. The Rule requires that the link to your privacy policy "be placed in a clear and prominent place and manner on the home page of the website or online service" and at each area where children provide, or are asked to provide, personal information. According to the Commission, "'clear and prominent' means that the link must stand out and be noticeable to the site's visitors.... The Commission does not consider 'clear and prominent' a link that is in small print at the bottom of the page, or a link that is indistinguishable from a number of other, adjacent links."

Q. I run a general audience site, but it has a separate children's section. Can I structure my privacy policy so that information about my children's practices and non-children's practices are mixed, or do I have to have a separate privacy policy about my practices with respect to children?

A. You may have one privacy policy that contains information about your practices as they apply to children and other people. But make sure that there is a link to the privacy policy on the home page of the children's area and at each area where personal information is collected from children.

If you use one privacy policy for both the general audience and children's portions of your website, make sure that:

• the link on the homepage of the children's area takes visitors directly to the part of the privacy policy that discusses children, or

• you clearly state at the top of the privacy policy that there is a specific section discussing information practices with respect to children.

Q. Can my privacy policy include materials promoting products or services?

A. No. COPPA requires that privacy policies be "clearly and understandably written, complete, and contain no unrelated, confusing, or contradictory materials." The more complicated and confusing the policy, the less likely it is that parents will understand or even read it. Parents who find a policy confusing or difficult to wade through may be less likely to grant you consent.

Q. Does COPPA require that I list the contact information for all the operators at my site? This could make my privacy policy very long and confusing.

A. If there are multiple operators collecting information through your site, you may list the name, mailing address, phone number, and email address of one operator who will respond to all inquiries from parents regarding all the operators' privacy policies and the uses of children's information. But that's the case only as long as the names of all the operators are listed in the notice.

Alternatively, if you want to list the contact information for all the operators - but still keep your privacy policy and notice simple - include a link in the privacy policy to the list of operators and all their contact information. When you send your notice to parents to request consent, be sure they can access the list.

Q. Does my privacy policy have to disclose my use of cookies, GUIDS, IP addresses, or the fact that I use other passive information collection technology?

A. Yes, it does, when the information is combined with "personal information." The Rule defines personal information as including identifiable information about an individual collected online, including any persistent identifier that is tied to identifying information. For example, if you tied a child's email address to the information that your cookies collected about the length of the child's visit, all the information collected would be considered "personal information."

Get Adobe Acrobat Reader