I. EXCEPTIONS TO PRIOR PARENTAL CONSENT
1. I do want to have competition back at my child-directed web site. Could I make use of the Rule’s “one-time contact” exception to previous parental consent?
Yes, in the event that you correctly design your contest. You might use the “one time contact” exception in the event that you gather children’s online contact information, and just this information, to enter them within the competition, then just contact such kiddies as soon as once the contest stops to alert them if they have won or lost. At that time, you need to delete the contact that is online you have got gathered.
If, nonetheless, you anticipate to make contact with the children multiple time, you have to utilize the “multiple-contact” exclusion, that you can additionally needs to gather a parent’s online email address and offer moms and dads with direct notice of the information techniques and a way to choose out. The Rule prohibits you from using the children’s online contact information for any other purpose, and requires you to ensure the security of the information, which is particularly important if the contest runs for any length of time in either case.
If you want to collect any information from children online beyond online email address associated with contest entries – such as for instance collecting a winner’s house address to mail a reward – you must first offer moms and dads with direct notice and obtain verifiable parental permission, while you would for any other forms of private information collection beyond online contact information. You may ask the child to provide his parent’s online contact information and use that identifier to notify the parent if the child wins the contest if you do need to obtain a mailing address and wish to stay within the one-time exception. In your award notification message towards the moms and dad, you could ask the moms and dad to give a true home mailing target to deliver the award, or ask the moms and dad to phone a phone quantity to produce the mailing information.
2. We have a website that is child-directed posseses an “Ask the Author” part where young ones can e-mail concerns to featured authors. Do i have to offer notice and get parental consent?
Then delete the child’s email address (and do not otherwise maintain or store the child’s personal information in any form), then you fall into the Rule’s “one-time contact” exception and do not need to obtain parental consent if you simply answer the child’s question and.
3. We provide e-cards therefore the cap cap ability for young ones to forward items of interest with their buddies to my child-directed software. Can I benefit from one of several Rule’s exceptions to consent that is parental should I notify moms and dads and acquire consent because of this activity?
The response is dependent upon the method that you design your e-card or forward-to-a-friend system. Any system providing any chance to expose information that is personal other compared to the recipient’s email ebony flirt address requires you to definitely get verifiable consent through the sender’s moms and dad (not email plus), and doesn’t fall within one of COPPA’s limited exceptions. Which means that then you must notify the sender’s parent and obtain verifiable parental consent before collecting any personal information from the child if your e-card/forward-to-a-friend system permits personal information to be disclosed either in the “from” or “subject” lines, or in the body of the message.
So that you can make use of COPPA’s contact that is“one-time” for the e-cards, your on line kind may just collect the recipient’s email (and, if desired, the transmitter or recipient’s very very first title); may very well not gather any kind of information that is personal either through the sender or perhaps the receiver, including persistent identifiers that track an individual with time and across sites. More over, to be able to satisfy this one-time contact exclusion, your e-card system should never enable the transmitter to enter her complete name, her e-mail address, or even the recipient’s complete name. Nor may you enable the sender to freely type messages in a choice of the topic line or in any text industries associated with the e-card.
Finally, you ought to deliver the e-card instantly and immediately delete the recipient’s email just after giving. Then this collection parallels the conditions for the Rule’s “multiple contact exception” for obtaining verifiable parental consent if you choose to retain the recipient’s email address until some point in the future (e.g., until the e-card is opened by the recipient, or you allow the sender to indicate a date in the future when the e-card should be sent. In this scenario, you have to gather the parent’s that is sender’s target and supply notice and a chance to choose out to the sender’s moms and dad prior to the e-card is delivered. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n. 222.
4. I wish to gather current email address, but hardly any other information that is personally identifying within my website’s registration procedure. I want to use the email just for the goal of supplying password reminders to users whom sign up back at my web site. Do I first have to offer notice and get parental consent before gathering a child’s current email address?
Then you must provide notice to parents and the opportunity to opt out under the Rule’s multiple-contact exception if you plan to retain the child’s email address in retrievable form after the initial collection, to be used, for example, to email children reminders of their passwords. See 16 C.F.R. § 312.5(c)(4).
Nonetheless, you may possibly collect a child’s email address to be used to authenticate the kid for purposes of producing a password reminder without very very first providing parental notice and providing a parent the chance to choose down in the event that you meet the next conditions: (1) you may not gather any information that is personal through the youngster aside from the child’s email address; (2) the child cannot reveal any private information in your web site; and (3) you straight away and forever affect the email (age.g., through “hashing”) so that it can only just be utilized being a password reminder and should not be reconstructed into its initial kind or utilized to contact the little one. You need to explain this procedure in an obvious and conspicuous way, both in the point of collection as well as in your site’s online privacy, which means that your users and their moms and dads are informed on how the e-mail details are going to be utilized. This may prevent confusion by site visitors among others who may otherwise assume that the web site is improperly gathering and email that is retaining without having any type of parental notice.