The Children's Online Privacy Protection Act, known as COPPA, includes a “Safe Harbor” provision that allows industry groups and others to seek Commission approval of self-regulatory guidelines that implement “the same or greater protections for children” as those contained in the COPPA Rule enforced by the Federal Trade Commission (FTC), states and certain federal agencies with respect to entities over which they have jurisdiction.
Companies and organizations that participate in an FTC-approved COPPA Safe Harbor program will, in most circumstances, be subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement. Approved safe harbor programs must demonstrate that they meet certain performance standards, as outlined in Section 312.11 of the Rule.
Why work with a COPPA Safe Harbor?
COPPA Safe Harbor membership supports online services to meet the requirements of the regulation and stay compliant. Companies that comply avoid exposure to heavy fines and brand damage. Certification helps to build brand trust and integrity with users, parents, regulators and industry.
By definition, “safe harbor” allows for time to remediate if something is discovered to be out of compliance or if something innocently goes awry. For example, in the fast-paced world of technology, changes do sometimes get rolled back in a release or a software bug occurs. Robust compliance monitoring looks for such issues and supports to resolve in a timely manner. If an operator cannot resolve and refuses to make a fix there is a process to remove COPPA Safe Harbor certification. However, it is important to note that by joining a program the very point is to bring the service into compliance and to monitor that compliance to ensure those fixes are made during a prescribed term.
Supporting members to assess risk and construct compliant solutions is also an important area of a Safe Harbor’s work and should not be seen as a conflict of interest. Any member in good standing of a Safe Harbor program will agree that it is not a “free pass.” Companies working with a Safe Harbor are investing precious resources in the form of legal, executive, product, program and engineering time and expertise to understand the intricacies of any privacy concerns or potential compliance violations and to take the policy, practice and engineering steps to implement remedies sufficient for compliance certification.
In PRIVO’s view, success of a Safe Harbor program is better measured by its records of successful remediation (how the Safe Harbor contributed to improving privacy) rather than the number of expulsions and enforcement as a matter of course.
PRIVO’s COPPA Safe Harbor Certification Program
PRIVO has been an FTC authorized COPPA Safe Harbor since 2004, trusted by leading family brands, certifying hundreds of apps, sites, games, and other online services. Program members agree to submit to PRIVO’s oversight and consumer dispute resolution process. Members must meet definitive standards to assure that they are fully compliant with COPPA, offering a comprehensive service that includes auditing a digital property as it relates to children's privacy, parental notice and consent, and best practices for safer online communities.
In addition to yearly audits and quarterly reviews, PRIVO conducts monitoring and consulting on a regular basis. A detailed findings report is provided including risks and potential mitigations. A second report includes tracking scans to review third party implementations and highlight any risks. As part of the program, PRIVO supports your oversight with your third-party vendors, licensees and partners to ensure they are in alignment with your compliance strategy.
PRIVO handles dispute resolution, inquiries from consumers, schools and regulators who have concerns about the collection, use and/or disclosure of consumer's personal information regarding your online property/product. This is the value of membership to businesses who want to be compliant but need specialized expertise to fully understand where they may fall short and what remedial options are available and acceptable. In fact, the Safe Harbor process of - assess, report, remediate, certify, repeat is the very engine which in turn supports the delivery of compliant and privacy protected experiences for children.
Companies that proactively join a Safe Harbor program are putting heads above the parapet and opening the doors for review and evaluation. They have committed to doing the work required to get their houses in order.
Learn more about PRIVO’s COPPA Safe Harbor program.