I. EXCEPTIONS TO PRIOR PARENTAL CONSENT
1. I do want to have competition back at my child-directed site. May I make use of the Rule’s “one-time contact” exclusion to previous consent? That is parental, in the event that you precisely design your competition. You might use the “one time contact” exception then only contact such children once when the contest ends to notify them if they have won or lost if you collect children’s online contact information, and only this information, to enter them in the contest, and. At that time, you have to delete the contact that is online you have got gathered.
If, but, you anticipate to get hold of the children one or more time, you need to utilize the exception that is“multiple-contact” that you can also needs to gather a parent’s online contact information and offer moms and dads with direct notice of the information methods and a chance to choose away. The Rule prohibits you from using the children’s online contact information for any other purpose, and requires you to ensure the security of the information, which is particularly important if the contest runs for any length of time in either case.
Should you want to collect any information from children online beyond online email address associated with contest entries – such as for instance gathering a winner’s house target to mail a reward – you need to first offer parents with direct notice and obtain verifiable parental consent, while you would for other forms of information that is personal collection beyond online contact information. Should you choose have to have a mailing address and desire to stay inside the one-time exclusion, you might ask the little one to offer their parent’s online contact information and usage that identifier to alert the moms and dad in the event that kid wins the competition. In your award notification message to the moms and dad, you’ll ask the parent to deliver home mailing address to ship the award, or ask the moms and dad to phone a telephone number to present the mailing information.
2. I have a website that is child-directed has an “Ask the Author” part where young ones can email concerns to highlighted writers. Do i must offer notice and acquire parental consent?
In the event that you just respond to the child’s question and then delete the child’s email (plus don’t otherwise keep or keep the child’s information that is personal in every kind), then you end up in the Rule’s “one-time contact” exception and don’t have to get parental permission.
3. We offer e-cards additionally the cap ability for young ones to forward components of interest for their buddies back at my child-directed software. Can I make use of one of several Rule’s exceptions to parental permission or should I notify moms and dads and acquire consent with this activity?
The solution is dependent on the manner in which you design your e-card or system that is forward-to-a-friend. Any system supplying any chance to expose information that is personal other compared to the recipient’s email address calls for one to obtain verifiable permission through the sender’s moms and dad (not email plus), and doesn’t fall within certainly one of COPPA’s restricted exceptions. Which means that then you must notify the sender’s parent and obtain verifiable parental consent before collecting any personal information from the child if your e-card/forward-to-a-friend system permits personal information to be disclosed either in the “from” or “subject” lines, or in the body of the message.
So that you can benefit from COPPA’s contact that is“one-time” for the e-cards, your on line type might only collect the recipient’s email (and, if desired, the transmitter or recipient’s first title); you might not collect virtually any information that is personal either through the transmitter or perhaps the receiver, including persistent identifiers that monitor the consumer over time and across sites. Furthermore, so that you can satisfy this one-time contact exclusion, your e-card system must not enable the transmitter to enter her name, her e-mail address, or even the recipient’s name that is full. Nor may you let the sender to easily type messages either in the topic line or in any text fields of this e-card.
Finally, you need to deliver the e-card straight away and automatically delete the recipient’s email right after delivering. Then this collection parallels the conditions for the Rule’s “multiple contact exception” for obtaining verifiable parental consent if you choose to retain the recipient’s email address until some point in the future (e.g., until the e-card is opened by the recipient, or you allow the sender to indicate a date in the future when the e-card should be sent. In this scenario, you need to gather the sender’s parent’s email address and offer notice and a way to decide away to the sender’s moms and dad ahead of the e-card is delivered. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n. 222.
4. I wish to gather current email address, but no other myself determining information, inside my website’s registration process. We want to make use of the email limited to the goal of supplying password reminders to users whom subscribe back at my web web site. Do I first need to offer notice and acquire parental permission before gathering a child’s current email address?
Then you must provide notice to parents and the opportunity to opt out under the Rule’s multiple-contact exception if you plan to retain the child’s email address in retrievable form after the initial collection, to be used, for example, to email children reminders of senior match dating site reviews their passwords. See 16 C.F.R. § 312.5(c)(4).
Nonetheless, you could collect a child’s email to be utilized to authenticate the little one for purposes of creating a password reminder without very first delivering parental notice and offering a moms and dad the opportunity to decide away that it can only be used as a password reminder and cannot be reconstructed into its original form or used to contact the child if you meet the following conditions: (1) you do not collect any personal information from the child other than the child’s email address; (2) the child cannot disclose any personal information on your website; and (3) you immediately and permanently alter the email address (e.g., through “hashing”) such. You need to explain this method in a definite and manner that is conspicuous both during the point of collection as well as in your site’s online privacy, which means that your users and their moms and dads are informed on how the email details should be utilized. This can avoid confusion by site visitors among others who may otherwise assume that your particular web site is improperly gathering and keeping e-mail addresses without the kind of parental notice.