FTC Approves Oversight Program For Compliance With Kids’ Online Privacy Rules

The FTC announced today that the agency has approved a new “safe harbor” certification program for websites that handle childrens’ personal data. The kidSAFE program will certify websites and programs that meet the standards of the the Children’s Online Privacy Protection Act.

COPPA is the rule that governs how websites are allowed to collect and use childrens’ personal information. Even adults encounter COPPA pretty regularly, in the form of that little tick box on many sites asking the user to verify that they are 13 or older.

COPPA doesn’t completely prohibit websites from collecting kids’ personal information, but it does require sites to obtain verifiable parental consent and to outline how and when any personal data data will be used. Mainstream or all-ages sites like Facebook find it easier not to allow accounts for the under-13s, but obviously a site aimed specifically at grade-schoolers operates differently.

The kidSAFE seal doesn’t change any element of the existing standards, but instead creates something of a voluntary certification process. Sites receiving its seal of approval meet standards at least as exacting as those required under the law. The FTC explains:

The Commission determined that the kidSAFE safe harbor program provides “the same or greater protections for children” as those contained in the COPPA Rule; effective mechanisms used to assess operators’ compliance; effective incentives for operators’ compliance with the guidelines; and an adequate means for resolving consumer complaints.

A certified safe harbor program, because it is found to meet those standards, basically supplants direct involvement from the FTC in most (though not necessarily all) circumstances. The FTC says that participating websites, “will be subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement.”

KidSAFE is not a universal program; it’s run by a private company. And it’s decidedly opt-in: according to their website, “The kidSAFE+ Seal is only available to companies who first become members in our program and who specifically request and qualify for this level of certification.”

However, for sites that do choose to join, the FTC now agrees that kidSAFE certification is in compliance with the law. To be marked as kidSAFE+ and COPPA-compliant, a site must have:

  • Safety measures for chat and community features (if applicable)
  • Rules and educational info about online safety
  • Procedures for handling safety issues and complaints
  • Parental controls over child’s account
  • Age-appropriate content, advertising, and marketing
  • Neutral age questions
  • Parental notice and consent procedures (when applicable)
  • Parental access to child’s personal information (when applicable)
  • Data integrity and security procedures
  • COPPA-compliant privacy policy
  • COPPA oversight and enforcement by the kidSAFE® Seal Program

No seal of approval by itself can make the internet safe for anyone, let alone for kids, but parents can at least rest assured that if they see this one on any site their children are using, the FTC thinks it’s legit.