1. I would like to have contest back at my child-directed web site. Can I utilize the Rule’s “one-time contact” exception to previous parental consent?
Yes, if you precisely design your competition. You could utilize the “one time contact” exception if you gather children’s online contact information, and just these records, to enter them within the competition, then just contact such young ones whenever once the competition finishes to inform them whether they have won or lost. At that time, you have to delete the contact that is online you’ve got gathered.
If, however, you anticipate to get hold of the children one or more time, you have to make use of the exception that is“multiple-contact” that you can additionally needs to gather a parent’s online contact information and offer moms and dads with direct notice of the information techniques and a way to decide away. In any case, the Rule prohibits you from utilizing the children’s online contact information for almost any other function, and needs one to make sure the safety associated with information, that will be specially essential if the competition operates for just about any period of time.
If you want to collect any information from children online beyond online contact information in connection with contest entries – such as for example gathering a winner’s house target to mail a reward – you have to first provide moms and dads with direct notice and get verifiable parental permission, while you would for other forms of private information collection beyond online contact information. You may ask the child to provide his parent’s online contact information and use that identifier to notify the parent if the child wins the contest if you do need to obtain a mailing address and wish to stay within the one-time exception. In your award notification message to your moms and dad, you may possibly ask the moms and dad to supply a true home mailing target to deliver the award, or ask the moms and dad to phone a phone number to produce the mailing information.
2. We have a website that is child-directed comes with an “Ask the Author” part where young ones can e-mail questions to highlighted writers. Do i must offer notice and get parental consent?
In the event that you merely answer the child’s question and then delete the child’s email address (plus don’t otherwise keep or keep the child’s private information in virtually any kind), then you fall under the Rule’s “one-time contact” exception plus don’t have to get parental consent.
3. I provide e-cards in addition to ability for young ones to forward components of interest for their buddies on my child-directed software. May I benefit from one of several Rule’s exceptions to parental permission or should I notify moms and dads and acquire permission with this activity?
The solution is determined by the method that you design your e-card or forward-to-a-friend system. Any system providing any possibility to reveal information that is personal compared to the recipient’s email address calls for one to obtain verifiable permission through the sender’s moms and dad (not e-mail plus), and will not fall within certainly one of COPPA’s restricted exceptions. Which means that then you must notify the sender’s parent and obtain verifiable parental consent before collecting any personal information from the child if your e-card/forward-to-a-friend system permits personal information to be disclosed either in the “from” or “subject” lines, or in the body of the message.
So that you can benefit from COPPA’s contact that is“one-time” for the e-cards, your online kind may just gather the recipient’s email address (and, if desired, the sender or recipient’s first title); you might not gather any kind of information that is personal either through the sender or the recipient, including persistent identifiers that track the consumer with time and across sites. More over, so that you can meet this one-time contact exclusion, your e-card system must not permit the sender to enter her name, her email address, or even the recipient’s name that is full. Nor may you permit the transmitter to easily type messages in a choice of the topic line or in any text fields associated with the e-card.
Finally, you really need to deliver the e-card instantly and automatically delete the recipient’s email just after delivering. If you decide to wthhold the recipient’s email address until some part of the long run (age.g., before the e-card is exposed by the receiver, or perhaps you enable the transmitter to point a romantic date as time goes by whenever e-card should really be sent), then this collection parallels the conditions when it comes to Rule’s “multiple contact exception” for getting verifiable parental consent. In this situation, you need to collect the parent’s that is sender’s address and supply notice and a chance to choose away towards the sender’s parent prior to the e-card is delivered. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59902 n. 222.
4. I would really like to gather email address, but no other actually pinpointing information, inside my website’s registration procedure. We plan to utilize the current email address limited to the goal of providing password reminders to users who subscribe back at my web site. Do I first need to offer notice and get parental permission before gathering a child’s current email address?
If you want to hold the child’s email address in retrievable kind after the initial collection, to be utilized, as an example, to email kiddies reminders of these passwords, then you definitely must make provision for notice to parents therefore the possibility to choose down underneath the Rule’s multiple-contact exclusion. See 16 C.F.R. § 312.5(c)(4).
Nonetheless, you’ll gather a child’s email address to be utilized to authenticate the little one for purposes of producing a password reminder without very first delivering parental notice and offering a parent the chance to decide down that it can only be used as a password reminder and cannot be reconstructed into its original form or used to contact the child if you meet the following conditions: (1) you do not collect any personal information from the child other than the child’s email address; (2) the child cannot disclose any personal information on your website; and (3) you immediately and permanently alter the email address (e.g., through “hashing”) such. You really need to explain this procedure in a clear and conspicuous way, both during the point of collection as well as in your site’s online privacy, so your users and their moms and dads are informed about how precisely the e-mail details should be utilized. This can avoid confusion by site visitors as well as others whom may otherwise assume that the web site is improperly gathering and keeping e-mail details without the as a type of parental notice.