Children's Advertising Review Unit (CARU): Business Privacy Tips

Jul 23, 2019 by BBB National Programs

Data Privacy Day is an international effort to empower individuals to take ownership of their online presence and inspire businesses to respect privacy. To celebrate, we’re sharing tips companies and small businesses can use to help ensure that a website or online service complies with COPPA.

  1. Draft Your Own Privacy Policy. You would be surprised how many companies cut and paste other privacy policies or templates. Unfortunately, privacy is not a one-size-fits-all type of situation. You need to draft a policy for your site or service that accurately reflects your specific privacy practices or you render the document useless. Make sure you include everything that applicable laws require. But be straight and to the point. The FTC frowns upon including unrelated or confusing information, which serves only to misdirect readers’ attention from what is important.
  2. Shout It From the Rooftop. Make sure that all your third-party service providers are aware that your product is child-targeted. Under COPPA, you are strictly liable for any information that they collect from you so make sure that they are treating the collection of user information appropriately.
  3. Respect Your Teachers. If you are providing your website or service to schools, ensure that the school receives the same notice for consent that you would provide to a parent before collecting information from children. For example, under COPPA, you must inform parents of all personal information your service collects or can be publicly disclosed by children.
  4. Less is More. When it comes to information collection, the less you collect, the better. Collect only what personal information you truly require to participate in the service you offer. Every piece of personal information you collect should have a specified business purpose. And you should list that purpose in your privacy policy.
  5. Call Me Maybe. Be sure that you list your full contact information for your company in your privacy policy. Include your business address, phone number and an email address for an inbox that is regularly monitored. When it comes to children’s privacy, your organization needs to be readily available.
  6. Easy Way Out. Provide parents and guardians with an easily accessible method to delete a child’s personal information or opt out of future collection.
  7. No Means No.  Before collecting or allowing children to disclose personal information, you must get verifiable parental consent. Do not collect any personal information from children other than a parent’s email address before you obtain parental consent. 
  8. Captive Audience. Determine who your audience is: you may intend to operate a service directed to teens, but if you attract a substantial number of children, you may be required to comply with COPPA. See Section G of the COPPA FAQs.
  9. Location, Location, Location. If you collect or allow third-parties to collect geolocation data you may need parental consent first. If the address collected is sufficient to identify a street name and city or town, you need parental consent.
  10. Join a Safe Harbor! If you’re concerned that your website or online service does not comply with COPPA, have no fear! You can join a certified Safe Harbor program to help you get into compliance with COPPA. CARU was the first FTC-approved Safe Harbor and we’re here to assist you.

 

If you have any questions about COPPA compliance or joining CARU’s Safe Harbor program, please email CARU at info@caru.bbb.org.

Suggested Articles

Blog

Case Study: Getting to Compliance with CARU and COPPA

In a recent case, CARU worked with TickTalk to help them achieve compliance with CARU’s Privacy Guidelines and the Children’s Online Privacy Protection Act (COPPA). CARU sat down with TickTalk once the case had closed to discuss their experience as well as some of the privacy challenges many companies face in the children’s space.
Read more
Blog

What to Know About the Georgia Lemon Law

BBB AUTO LINE provides an overview of each state’s lemon laws. In our ongoing blog series, we offer further insights on the laws for select states, and how BBB AUTO LINE can support consumers with lemon law disputes. Florida, California, and Texas have been covered. This post reviews the nuances of the lemon law in the Peachtree State – Georgia.
Read more
Blog

The TAPP Roadmap: Helping U.S. Companies Responsibly Collect and Manage Teenager Data

Even as data privacy and safety practices that work for adult consumers provide a firm foundation for teens, they simultaneously run the risk of being insufficient to respond to the unique needs of teens. The TeenAge Privacy Program (TAPP) Roadmap was designed to assist any business that wishes to engage proactively with teen consumers, providing an operational framework to map the broad spectrum of potential harms impacting teens onto a concrete set of operational considerations.
Read more
Blog

Pursuing Best Practices For Representation In Advertising

As advertising volume increases, so too do people’s expectations of representation in advertising. Unfortunately, advertising collectively is still falling short, and consumer perceptions reflect that. Why answer this call from consumers? And what is being done about it?
Read more