COPPA Compliance for Magento Websites

The Children’s Online Privacy and Protection Act (COPPA) outlines the manner in which apps, websites, and various other online services can collect personal information from children. Enacted in 1998, COPPA regulates the online privacy and protection of children under the age of 13 only.

 
COPPA compliance is essential for any web-based service or app including Magento websites and it’s important for site owners to maintain compliance to avoid penalties.

Who Needs to Be COPPA Compliant?

In general, COPPA compliance applies to any operators of websites, apps, or other online services that partake in the collection of personal information from kids under 13. The law applies to those who operate a Magento website and provides content geared towards children or provides general content you know is accessed by children under 13, and if you collect personal information from them, you must maintain COPPA compliance.

In general, the FTC will evaluate your content to determine if you use elements like animated characters, child models, child celebrities, and child-geared activities to determine if your content is directed toward children.

Personal information includes practically anything provided by the user, like name, phone number, address, email address, IP address, cookies, photos, audio, video, GPS location, and more. If you collect this information, whether actively or passively, or allow children to share this information in a hosted chat or other forum, you must become COPPA compliant.

Selling products and services targeted towards children, or including children in targeted advertising material can make you subject to COPPA compliance.

How Do You Become COPPA Compliant on Magento?

In order to become COPPA compliant on Magento, you must first and foremost post a privacy notice describing how the collected information is handled by you and any third-party plugin or ad network. You must list all parties collecting the information, a description of what’s collected, how it’s collected, and how it is used, and a description of parental rights.

Specifically, you must provide direct notice, including a copy of the online privacy policy. Most importantly, you must notify parents about these practices, and require verifiable consent before the child may proceed. Verifiable consent can include options ranging from a physical consent form, a toll-free phone call, a signed and mailed document, a government ID, a series of challenge questions, or verification of the parent’s photo id.

After consent is given through one of the accepted methods, you must continue to remain COPPA compliant by allowing the parent to continuously review the information given, and withdraw consent at any time. Overall, you must establish procedures to ensure you are protecting any information given with the proper safeguards.

Additional changes to your Magento website including account creation process, age verification/gated content, and parental control schemes may be necessary depending on your business and customer experience workflows. These can vary significantly and should be assessed on a case-by-case basis to ensure compliant workflows are implemented correctly.

Giving customers the ability to create distinct parent and child accounts can help with COPPA Compliance.

Budgeting for COPPA Compliance

While configuring your Magento website to be COPPA compliant is an important step, additional expenditures and actions may be needed across the business to ensure full compliance including:

• Infrastructure changes to hardware, security, & processes
• Policy application and evaluation from legal and human resource divisions
• Auditing with services from third parties, scanners, or other hardware/software devices
• Workforce education & training

Don’t ignore these important items as well when considering making your business COPPA compliant.

Magento Compliance Experts

Need help getting your Magento website COPPA compliant? Let the experts at Forix help map out a plan and implementation schedule for you. With over 10 years of experience on Magento, Forix has helped businesses small and large implement and stay compliant with regulations and acts including: COPPA, HIPAA, PCI, ADA, GDPR, and more.

Get it touch today and let the experts here at Forix help with your next compliance implementation today.

DISCLAIMER: Information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information.