What are we discussing with our clients who have children-facing products following some new/recent Federal Trade Commission enforcement actions?
Here are some key takeaways:
- Age gate like you mean it: A system where a person who is under 13 can enter a birth date, get blocked, go back and then change the birth date, is NOT good enough for COPPA compliance.
- Don’t blindly rely on third parties: If you allow signing up to your system through third-party services that do not themselves properly age gate children under 13, that may not be COPPA compliant.
- Don’t track kids without consent: You can’t use third-party trackers for analytics/advertising without parental consent.
- Make it easy: You have to have a simple process for parents to delete a child’s information
- Implement reasonable and effective systems to check for under 13s in your system: You can use “keyword matching” (scanning for posts saying “i’m under 13,” but don’t be to restricted in implementing. Allow your content moderators sufficient time to conduct reviews. For example, allowing only five to seven seconds reviewing each account flagged by a keyword to determine if it belonged to a child may not be enough. Make sure your QA process works and if an account is marked to be banned as underage that this actually happens.