1. Understand how to handle your audience.
Only want kids 13 and up engaging with your online property? It’s not OK to just block kids 12 and under if your site looks and feels child directed or has content that appeals to them.
2. Understand what constitutes PII (personally identifiable information).
For example, photos, voice recordings and videos are personally identifiable information, needing full verifiable parental consent. Depending on what you collect and let kids share, make sure you are seeking the correct level of parental consent for what you offer your younger users.
3. Mobile apps are subject to COPPA regulations and app store regulations too.
Understand the kid categories and avoid rejection when you submit your app. COPPA requires a privacy policy link on the landing or opening screen of an app, but Apple doesn’t allow a link out from the app in their For Kids category unless it is parent gated. And by having a parent gate to meet Apple’s requirements, doesn’t mean you are now COPPA compliant. Avoid wasting time being rejected and get it right before you submit.
4. Get the proper level of parental consent.
It’s not good enough to just send a parent an email to say their child is interested in signing up for an online service. Avoid violations and ensure your direct notices contain all the relevant information and links needed. Read more about verifiable parental consent and when you may need to collect it.
5. Make sure your privacy policy is up to date and seek consent for new features and updates.
Many businesses update features and content, but fail to update their collection and use of information sections in their privacy policies. Material changes require actions beyond just changing the date of your policy.
Learn more about COPPA by visiting PRIVO's COPPA resource page.