1. I wish to have competition to my child-directed internet site. Am I able to make use of the Rule’s “one-time contact” exclusion to previous consent? That is parental, in the event that you precisely design your contest. You could use the “one time contact” exception in the event that you gather children’s online contact information, and just these records, to enter them when you look at the competition, then just contact such kiddies when once the competition stops to inform them if they have won or lost. When this occurs, you need to delete the contact that is online you have got collected.
If, nevertheless, you anticipate to get hold of the children one or more time, you need to utilize the exception that is“multiple-contact” that you can additionally needs to collect a parent’s online email address and offer moms and dads with direct notice of one’s information methods and a chance to choose down. The Rule prohibits you from using the children’s online contact information for any other purpose, and requires you to ensure the security of the information, which is particularly important if the contest runs for any length of time in either case.
If you want to gather any information from children online beyond online contact information regarding the contest entries – such as for instance collecting a winner’s home target to mail a reward – you need to first provide moms and dads with direct notice and acquire verifiable parental consent, while you would for any other kinds of private information collection beyond online contact information. You may ask the child to provide his parent’s online contact information and use that identifier to notify the parent if the child wins the contest if you do need to obtain a mailing address and wish to stay within the one-time exception. In your reward notification message to your moms and dad, you may possibly ask the parent to give you home mailing target to deliver the reward, or ask the parent to phone a cell phone number to deliver the mailing information.
2. I’ve a website that is child-directed comes with an “Ask the Author” part where young ones can e-mail concerns to highlighted authors. Do i have to provide notice and acquire parental consent?
Then delete the child’s email address (and do not otherwise maintain or store the child’s personal information in any form), then you fall into the Rule’s “one-time contact” exception and do not need to obtain parental consent if you simply answer the child’s question and.
3. We provide e-cards plus the cap cap ability for children to forward items of interest with their friends on my child-directed software. May I benefit from one of many Rule’s exceptions to parental permission or should I notify moms and dads and get permission with this activity?
The response depends upon how you design your e-card or forward-to-a-friend system. Any system providing any possibility to expose information that is personal compared to the recipient’s email calls for you to definitely obtain verifiable consent from the sender’s parent (not e-mail plus), and will not fall within certainly one of COPPA’s restricted exceptions. Which means should your e-card/forward-to-a-friend system allows information that is personal to be disclosed either in the “from” or “subject” lines, or in the human body of this message, you then must alert the sender’s moms and dad and get verifiable parental permission before collecting any information that is personal through the child.
So that you can make the most of COPPA’s contact that is“one-time” for the e-cards, your online form might only gather the recipient’s email (and, if desired, the transmitter or recipient’s very very first name); may very well not gather every other private information either through the transmitter or perhaps the receiver, including persistent identifiers that track an individual with time and across sites. More over, so that you can satisfy this one-time contact exception, your e-card system should never permit the sender to enter her complete name, her e-mail address, or the recipient’s complete name. Nor may you let the transmitter to easily type messages in a choice of the topic line or in any text industries of this e-card.
Finally, you need to send the e-card straight away and immediately delete the recipient’s email soon after giving. Then this collection parallels the conditions for the Rule’s “multiple contact exception” for obtaining verifiable parental consent if you choose to retain the recipient’s email address until some point in the future (e.g., until the e-card is opened by the recipient, or you allow the sender to indicate a date in the future when the e-card should be sent. In this scenario, you have to gather the parent’s that is sender’s address and offer notice and a way to choose off towards the sender’s parent ahead of the e-card is sent. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n. 222.
4. I wish to gather current email address, but no other information that is personally identifying inside my website’s registration procedure. We want to make use of the email just for the goal of supplying password reminders to users whom register back at my site. Do I first need to offer notice and acquire parental consent before gathering a child’s email address?
Then you must provide notice to parents and the opportunity to opt out under the Rule’s multiple-contact exception if you plan to retain the child’s email address in retrievable form after the initial collection, to be used, for example, to email children reminders of their passwords. See 16 C.F.R. § 312.5(c)(4).
But, you’ll gather a child’s email to be used to authenticate the little one for purposes of producing a password reminder without very first providing parental notice and giving a moms and dad the chance to decide away that it can only be used as a password reminder and cannot be reconstructed into its original form or used to contact the child if you meet the following conditions: (1) you do not collect any personal information from the child other than the child’s email address; (2) the child cannot disclose any personal information on your website; and (3) you immediately and permanently alter the email address (e.g., through “hashing”) such. You need to explain this method in a definite and manner that is conspicuous both in the point of collection plus in your site’s online privacy, which means that your users and their moms and dads are informed regarding how the e-mail details is likely to be utilized. This may prevent confusion by visitors yet others whom may otherwise assume that the web site is improperly gathering and email that is retaining without the type of parental notice.