The Children’s Online Privacy Protection Act (“COPPA”) contains a “safe harbor” under which companies that participate in approved programs will be deemed by the FTC to be in compliance with the Act. There are currently four approved safe harbor programs. The industry group iSAFE is seeking to become the fifth such program, and recently submitted proposed self-regulatory guidelines to the FTC. iSAFE’s proposed guidelines mirror the requirements of COPPA, and provide that websites that collect personal information from children 12 years old or younger must contain a prominent link to the site’s privacy policy. In addition, the guidelines provide that participating websites must make efforts to ensure parents receive notice regarding the website’s information collection, use and disclosure practices and, subject to certain enumerated exceptions, must obtain verifiable parental consent before any collection, use, or disclosure of personal information from children. Participating websites must also provide parents with the ability to access and review their child’s personal information and provide parents and children with reasonable means to submit and attempt to resolve complaints about the participant’s information practices. Finally, the guidelines prohibit participating websites from conditioning a child’s participation in an activity on disclosing more personal information than is reasonably necessary to participate in the activity.

TIP: Operators of websites that are directed at children may want to consider taking advantage of the liability shields an FTC-approved safe harbor program can offer.