1. I would like to have competition on my child-directed internet site. Could I utilize the Rule’s “one-time contact” exclusion to previous consent? That is parental, in the event that you precisely design your competition. You might make use of the “one time contact” exception in the event that you gather children’s online contact information, and only these records, to enter them into the contest, then only contact such kids as soon as once the contest stops to alert them whether they have won or lost. At that time, you have to delete the contact that is online you’ve got gathered.
If, nonetheless, you anticipate to make contact with the children more than one time, you need to make use of the exception that is“multiple-contact” that you can additionally needs to gather a parent’s online email address and supply moms and dads with direct notice of the information techniques and a chance to choose down. The Rule prohibits you from using the children’s online contact information for any other purpose, and requires you to ensure the security of the information, which is particularly important if the contest runs for any length of time in either case.
If you want to gather any information from children online beyond online contact information in connection with contest entries – such as for instance gathering a winner’s home target to mail a prize – you have to first offer moms and dads with direct notice and obtain verifiable parental permission, while you would for other kinds of private information collection beyond online contact information. Should you choose want to have a mailing address and desire to stay inside the one-time exclusion, you may possibly ask the little one to deliver their parent’s online contact information and employ that identifier to inform the moms and dad in the event that youngster wins the competition. In your prize notification message into the moms and dad, you could ask the moms and dad to give you home mailing target to deliver the reward, or ask the parent to call a telephone quantity to deliver the mailing information.
2. I’ve a website that is child-directed has an “Ask the Author” part where children can e-mail concerns to highlighted writers. Do i must provide notice and get parental consent?
Then delete the child’s email address (and do not otherwise maintain or store the child’s personal information in any form), then you fall into the Rule’s “one-time contact” exception and do not need to obtain parental consent if you simply answer the child’s question and.
3. I provide e-cards plus the cap cap ability for young ones to forward components of interest for their buddies back at my child-directed application. Could I benefit from one of many Rule’s exceptions to parental permission or should I notify moms and dads and acquire permission because of this activity?
The solution is determined by the method that you design your e-card or system that is forward-to-a-friend. Any system supplying any possibility to expose information that is personal other than the recipient’s email requires one to get verifiable consent through the sender’s parent (not e-mail plus), and doesn’t fall within certainly one of COPPA’s restricted exceptions. Which means in case your e-card/forward-to-a-friend system allows information that is personal to be disclosed either in the “from” or “subject” lines, or perhaps in the human body regarding the message, you then must alert the sender’s moms and dad and get verifiable parental permission before gathering any private information through the son or daughter.
So that you can benefit from COPPA’s “one-time contact exclusion” for your e-cards, your online kind might only gather the recipient’s email (and, if desired, the transmitter or recipient’s first title); may very well not gather some other personal information either through the transmitter or even the receiver, including persistent identifiers that track the consumer over time and across sites. Furthermore, to be able to fulfill this one-time contact exclusion, your e-card system should never permit the sender to enter her name, her e-mail address, or even the recipient’s name that is full. Nor may you let the transmitter to easily type messages either in the line that is subject in any text areas regarding the e-card.
Finally, you ought to immediately send the e-card and automatically delete the recipient’s email soon after sending. Then this collection parallels the conditions for the Rule’s “multiple contact exception” for obtaining verifiable parental consent if you choose to retain the recipient’s email address until some point in the future (e.g., until the e-card is opened by the recipient, or you allow the sender to indicate a date in the future when the e-card should be sent. In this situation, you need to gather the sender’s parent’s email target and supply notice and a way to choose off to your sender’s moms and dad prior to the e-card is delivered. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n. 222.
4. I would like to gather email, but hardly any other really pinpointing information, inside my website’s registration procedure. We plan to make use of the current email address limited to the objective of supplying password reminders to users whom enroll to my web site. Do I first need certainly to offer notice and acquire parental consent before gathering a child’s current email address?
If you want to retain the child’s email in retrievable kind following the initial collection, to be utilized, for instance, to e-mail kiddies reminders of the passwords, then you definitely must definitely provide notice to moms and dads together with possibility to decide out beneath the Rule’s multiple-contact exception. See 16 C.F.R. § 312.5(c)(4).
Nonetheless, you might gather a child’s email to be used to authenticate the little one for purposes of creating a password reminder without very first delivering parental notice and providing a moms and dad the chance to choose away in the event that you meet the next conditions: (1) that you do not gather any information that is personal through the son or daughter except that the child’s email; (2) the child cannot reveal any private information on the web site; and (3) you instantly and completely affect the email (e.g., through “hashing”) so that it can only just be utilized as being a password reminder and should not be reconstructed into its original kind or utilized to contact the kid. You really need to explain this technique in a definite and conspicuous way, both in the point of collection as well as in your site’s online privacy, so your users and their moms and dads are informed about how precisely the e-mail details will soon be utilized. This may avoid confusion by visitors yet others whom may otherwise assume that your particular web web site is improperly gathering and retaining email details with no type of parental notice.