1. I wish to have competition back at my child-directed internet site. Am I able to make use of the Rule’s “one-time contact” exclusion to previous consent? That is parental, if you correctly design your competition. You might make use of the “one time contact” exception then only contact such children once when the contest ends to notify them if they have won or lost if you collect children’s online contact information, and only this information, to enter them in the contest, and. At that time, you have to delete the contact that is online you’ve got gathered.
If, nonetheless, you anticipate to make contact with the children multiple time, you have to utilize the “multiple-contact” exclusion, that you can also needs to gather a parent’s online email address and supply moms and dads with direct notice of one’s information methods and a way to opt away. The Rule prohibits you from using the children’s online contact information for any other purpose, and requires you to ensure the security of the information, which is particularly important if the contest runs for any length of time in either case.
If you want to gather any information from children online beyond online email address regarding the contest entries – such as for example gathering a winner’s house address to mail a prize – you have to first offer moms and dads with direct notice and get verifiable parental permission, while you would for any other forms of information that is personal collection beyond online contact information. You may ask the child to provide his parent’s online contact information and use that identifier to notify the parent if the child wins the contest if you do need to obtain a mailing address and wish to stay within the one-time exception. In your reward notification message into the moms and dad, you might ask the moms and dad to present home mailing target to deliver the award, or ask the parent to phone a cell phone number to supply the mailing information.
2. I’ve a child-directed site that has an “Ask the Author” corner where young ones can email concerns to highlighted writers. Do i have to offer notice and acquire parental consent?
In the event that you just respond to the child’s question and then delete the child’s email (plus don’t otherwise keep or store the child’s private information in almost any type), then you belong to the Rule’s “one-time contact” exception plus don’t want to obtain parental permission.
3. We provide e-cards additionally the cap cap ability for young ones to forward components of interest with their friends on my child-directed application. Could I make the most of one of many Rule’s exceptions to parental permission or should I notify parents and get permission because of this activity?
The response is determined by the manner in which you design your e-card or system that is forward-to-a-friend. Any system providing any possibility to expose private information other compared to the recipient’s email address requires one to obtain verifiable permission from the sender’s moms and dad (not email plus), and will not fall within certainly one of COPPA’s restricted exceptions. Which means that then you must notify the sender’s parent and obtain verifiable parental consent before collecting any personal information from the child if your e-card/forward-to-a-friend system permits personal information to be disclosed either in the “from” or “subject” lines, or in the body of the message.
So that you can make the most of COPPA’s contact that is“one-time” for the e-cards, your on line kind might only gather the recipient’s email (and, if desired, the transmitter or recipient’s very first title); you might not gather any other private information either through the transmitter or the receiver, including persistent identifiers that monitor an individual with time and across sites. More over, so that you can fulfill this one-time contact exclusion, your e-card system must not permit the transmitter to enter her name, her email address, or loveroulette sign up even the recipient’s name that is full. Nor may you let the transmitter to freely type messages either in the line that is subject in any text industries of this e-card.
Finally, you ought to immediately send the e-card and immediately delete the recipient’s email address right after giving. If you decide to wthhold the recipient’s email until some part of the long run (age.g., through to the e-card is exposed because of the receiver, or perhaps you let the sender to point a romantic date in the foreseeable future once the e-card should always be sent), then this collection parallels the conditions for the Rule’s “multiple contact exception” for obtaining verifiable parental consent. In this situation, you need to collect the sender’s parent’s e-mail target and supply notice and a chance to choose down towards the sender’s parent ahead of the e-card is sent. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n. 222.
4. I’d like to collect email, but hardly any other physically pinpointing information, within my website’s registration procedure. We plan to utilize the current email address just for the goal of supplying password reminders to users whom enroll back at my site. Do I first need certainly to offer notice and acquire parental consent before gathering a child’s current email address?
Then you must provide notice to parents and the opportunity to opt out under the Rule’s multiple-contact exception if you plan to retain the child’s email address in retrievable form after the initial collection, to be used, for example, to email children reminders of their passwords. See 16 C.F.R. § 312.5(c)(4).
Nevertheless, you might gather a child’s email to be utilized to authenticate the kid for purposes of creating a password reminder without very first delivering parental notice and offering a moms and dad the chance to choose down in the event that you meet listed here conditions: (1) you may not gather any private information through the youngster apart from the child’s email; (2) the child cannot reveal any personal information on your website; and (3) you straight away and completely affect the email (age.g., through “hashing”) so that it can simply be utilized as being a password reminder and cannot be reconstructed into its initial type or utilized to contact the kid. You need to explain this method in a definite and conspicuous way, both in the point of collection plus in your site’s online privacy, which means your users and their moms and dads are informed on how the email details should be utilized. This will avoid confusion by site visitors yet others whom may otherwise assume your site is improperly gathering and retaining e-mail details without the type of parental notice.