At Green Arrow Consultancy we take everyone who uses the internet's privacy and protection seriously, especially the data that is collected from children. This article will show you how important it is that your website respects the laws around the protection of children’s data under the laws that govern it.
The European Union does not have an independent law that addresses the protection of children’s data like the United States Children’s Online Privacy Protection Act of 1998. Rather, it addresses the protection of children’s data throughout its General Data Protection Regulation by indicating which provisions within the GDPR warrant a higher standard to protect children’s data.
GDPR and COPPA are very different, with GDPR covering a broader spectrum of online data protection and COPPA being purely for the privacy of children’s data. GDPR also relates to all collection, use, and disclosure of data and states that this must be of an even higher priority when it is children’s data. On the other hand, COPPA focuses entirely on children’s data being protected online and only applies to online services where they know that they are collecting personal information from children.
Another difference between GDPR and COPPA is the age at which children can give consent for the collection and processing of their data. GDPR details the stipulations for consent for children’s data more clearly than that of COPPA.
COPPA states that the age of consent for data collection and processing is 13 years old. It isn’t quite so clear-cut with GDPR. Under GDPR Article 8, the age of consent, i.e. when a child is required or able to give their consent to process their data, is 16. However, member states can allocate their age of consent, although not below the age of 13, which is what the law states within the UK.
Other differences between the GDPR and COPPA are that of obtaining parental consent and parental access to data when someone is under the age of consent.
GDPR leaves it up to the controller of the data to make reasonable efforts to obtain verification. It is silent on the issue of parental access to their child’s data. Although COPPA doesn’t stipulate parental access it does clearly display downloadable consent forms and clearly displays the privacy policy describing information practices for personal information.
The difference between the European Union and the United States' approaches to privacy for children’s data online is rather different. Nevertheless, the two models of addressing children’s data may not be as different as you think. Both GDPR and COPPA protect children’s data, with the biggest difference being in how they handle parental consent and will produce as varied results as one might expect given the large role that individual member states still have in passing their national laws aside from GDPR.
If you would like to chat with us about ensuring that your website is COPPA and/or GDPR Compliant, please contact us today and a member of the team would be happy to discuss any issues that are concerning to you and your business.
