Skip to main content

Buckling up in the car is a precaution parents take to protect themselves and their children. When it comes to the Children’s Online Privacy Protection Act, navigating the rules of the COPPA Road helps protect your business and the kids who visit your website or use your online service. Most companies are familiar with COPPA’s mandate to get parental consent up front before collecting personal information from children under 13. But there’s another requirement farther down the COPPA Road that some businesses may not know about.

As the FTC’s Six-Step Compliance Plan for Your Business explains, if you’re covered by the Children’s Online Privacy Protection Rule, you must provide parents the right to review and delete their children’s information. But did you know that, under certain circumstances, COPPA also requires you to delete children’s personal information, even if parents don’t ask you to?

Consider the example of a subscription-based app that offers children under 13 a variety of games and learning tools. What happens if, at the end of the subscription period, a parent decides not to renew the service? Absent a deletion request from Mom or Dad, can the company just keep the child’s personal information?

The answer is clear: No, the company can’t keep it. Under Section 312.10 of COPPA, you’re allowed to retain children’s personal information “for only as long as is reasonably necessary to fulfill the purpose for which the information was collected.” After that, you must delete it using reasonable measures to ensure it’s been securely destroyed.

With that in mind, if you haven’t reviewed your data retention policy recently, it’s time to take a fresh look at it. What do you do with the child’s information when a parent closes an account, doesn’t renew a subscription, or allows an account to become inactive? Is that information still necessary for, say, final billing purposes? If so, for how long?

Here are a few questions that might help your company navigate COPPA’s data retention and deletion requirements:

  • What types of personal information are you collecting from children?
  • What is your stated purpose for collecting the information?
  • How long do you need to hold on to the information to fulfill the purpose for which it was initially collected? For example, do you still need information you collected a year ago?
  • Does the purpose for using the information end with an account deletion, subscription cancellation, or account inactivity?
  • When it’s time to delete information, are you doing it securely?

The FTC has resources to help your company streamline COPPA compliance.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Tripti maurya
March 30, 2019
All on time
angelo
November 18, 2019

In reply to by Tripti maurya

It is stupid
Jay Joestar
November 19, 2019

In reply to by angelo

Yo Angelo. You are correct
Mike
November 22, 2019
You guys really don't understand internet pop culture, you don't get it.
Feck
November 26, 2019
The safety of a child is great, but there are people like thieves who get a 20,000 dollar fine and youtubers who targeted children get 42000 that's dumb.
luqman
December 04, 2019
to be honest. i'm indonesian citizen. not american. just a teenager from asia pacific. i understand that coppa is needed to protect our kids from adult/mature content on youtube or other platform. but consider your choice. youtube isn't just for kids. its for everyone. not limited just by age or country. even religion or ethnic people lived in. if you didnt atleast try to find a better resolution. thousand of people who's working as content creator on youtube will suffer. their channel will get deleted. and lot of people didnt like it. i personally didnt like it. if i suggest you. talk to few content creator on platform. not people working on youtube. but the content creator. i think we can find a better way to solve this thankyou ftc
Guest
December 18, 2019
That's why there is youtube kids.
Guest
January 01, 2020
The parents shod control what the kids are watching not the content craters.
Owl
January 12, 2020
This is completely dumb when combined with the algorithm. This proves to be a recipe for disaster on YouTube because of how YouTube abuses its platform.
Guest
January 17, 2020
Congrats. you're destroying the internet. hope you enjoy all the backlash you're going to get.
person who doe…
February 02, 2020
FTC WEAKEN THIS OR THE ENTIRE INTERNET WILL DIE and it will be your fault that it died.

More from the Business Blog

Get Business Blog updates