The Children’s Online Privacy and Protection Act, more commonly known as COPPA, is a law dealing with how websites, apps, and other online operators collect data and personal information from kids under the age of 13.
COPPA has a number of requirements, but some key ones are that tech companies making apps, websites, and online tools for kids under 13 must:
- provide notice and get parental consent before collecting information from kids;
- and keep information they collect from kids confidential and secure.
(Source: Complying with COPPA: Frequently Asked Questions)
For a more detailed, yet still accessible, overview of the law, you can also check out EdWeek’s “COPPA and Schools: The (Other) Federal Student Privacy Law, Explained.” The article gets into the somewhat confusing and contentious issue of whether or not schools can stand in for kids’ parents when giving consent. In short, schools can grant COPPA consent if—here’s the tricky part—the tool is used solely for an educational purpose. As the FTC explains in its COPPA FAQs, the information collected must be “for the use and benefit of the school, and for no other commercial purpose.” And it can often be hard to tell exactly where that line is drawn.
In addition to knowing when teachers and schools can consent on behalf of parents, teachers and schools should also follow other best practices with respect to COPPA: conducting appropriate due diligence in vetting products and providing appropriate information to parents (such as the names of sites or services it has consented to on behalf of parents, and those sites and services’ information practices).