惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security Affairs
N
News and Events Feed by Topic
T
Tenable Blog
P
Proofpoint News Feed
W
WeLiveSecurity
Simon Willison's Weblog
Simon Willison's Weblog
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
Help Net Security
Help Net Security
I
Intezer
T
Threat Research - Cisco Blogs
S
Secure Thoughts
C
Cyber Attacks, Cyber Crime and Cyber Security
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
Google Online Security Blog
Google Online Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Tor Project blog
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
Arctic Wolf
Forbes - Security
Forbes - Security
O
OpenAI News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Security Latest
Security Latest
P
Palo Alto Networks Blog
S
Schneier on Security
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
H
Heimdal Security Blog
V
Vulnerabilities – Threatpost
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园_首页
T
Troy Hunt's Blog
Latest news
Latest news
Recent Announcements
Recent Announcements
MyScale Blog
MyScale Blog
人人都是产品经理
人人都是产品经理
L
LINUX DO - 热门话题
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
V
Visual Studio Blog
H
Hacker News: Front Page

Compliance Solutions for Websites, Apps and Organizations | iubenda

AI can build your website. It can't manage your consent. | iubenda Browser signals and machine-readable consent: what they are and what the EU’s Digital Omnibus could change California Consumer Privacy Act (CCPA): Complete Guide How to increase your cookie banner opt-in rates: 5 mistakes to fix today | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #153) Why your consent management setup is a marketing performance question Everything you need to know about GDPR The redesigned cookie banner and configurator What nobody tells you about handing over the company you built European marketers are betting on retention. Privacy could be the edge they’re not using yet. The 5 best alternatives to Didomi in 2026: Pros, cons, pricing, and comparison Looking back on 15 years: what iubenda's founder would tell his 2011 self | iubenda The best cookie policy generator in 2026 DPO Newsletter: Global Data Protection & Privacy News (issue #152) | iubenda What publishers should expect from the EU’s Digital Omnibus proposal Uncertainty is the biggest blocker to AI adoption in marketing | iubenda Everything AI app builders need to know about vibecoding and privacy compliance | iubenda Introducing 1-Click Embedding for Google Tag Manager The Essential Small Business Terms and Conditions Template: What You Need to Know Terms of Use Template | iubenda IAB Europe Raises Concerns Over GDPR Procedural Regulation Draft Report | iubenda Learn from HelloFresh's Costly Mistake: Ensure Compliance with iubenda | iubenda Understanding the Spanish DPA Guide on Audience Measurement Cookies | iubenda The Austrian Data Protection Authority's FAQs on Cookies and Privacy | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #127) | iubenda Microsoft Ensuring European Data Stays Within the EU Cloud Boundary | iubenda Businesses Beware: ICO’s Record £14.3m in Fines for Data Misuse in 2023 Understanding the Risks and Responsibilities of Model-as-a-Service Companies in AI Development Facebook's New “Link History” Feature: A Blend of Convenience and Surveillance? | iubenda OpenAI’s Strategic Move in the EU: Aligning with Data Privacy Regulations TikTok Faces Lawsuit Over Tracking Non-Users What’s the Digital Markets Act (DMA) and how will it affect you? | iubenda Simplifying Cookie Consent: The European Commission's Approach | iubenda Google Settles Landmark Privacy Lawsuit for $5 Billion | iubenda Navigate GDPR Compliance with Confidence: Lessons from Recent Fines in Italy Simplifying the Commission's New Reporting Template for Digital Market Gatekeepers | iubenda Understanding the GDPR Complaint Against X (Twitter) for Illegal MicroTargeting | iubenda Spanish Media Giants Take On Meta in a Groundbreaking $600 Million Lawsuit | iubenda DPO Newsletter: Data Protection & Privacy News (issue #126) | iubenda Belgian DPA Mandates Cookie Banner Changes for Major Media Websites | iubenda UK's Top Websites Warned by ICO to Revise Cookie Practices | iubenda Understanding the European Union's Data Act | iubenda Google Announces Consent Mode v2 – here’s what it means for your business and advertising Noyb Challenges EU Commission Over Controversial Ad Campaign | iubenda OECD Updates AI Definition: A Step Forward in Shaping EU’s AI Law Firefox To Introduce Simplified Global Privacy Control Berlin Court Cracks Down on LinkedIn’s Privacy Violations The YouTube Ad Blocker Controversy: A Test of the ePrivacy Directive? | iubenda DPO Newsletter: Data Protection & Privacy News (issue #125) Facebook and Instagram Subscription: Meta adds a paywall | iubenda GDPR Violation: Lack of Transparency in Data Processing via Google Fonts Amazon Introduces AWS European Sovereign Cloud to Address EU Regulations | iubenda Texas New Data Privacy Law TDPSA: Everything you need to know How to Make Money with a Website Without Selling Anything Oregon Consumer Privacy Act: Overview | iubenda Google’s Move to Disable Third-Party Cookies: What Advertisers Need to Know IMY Fines H&M for GDPR Violations: A Closer Look EU Commission Requests Information from X Under Digital Services Act: What You Need to Know | iubenda Understanding California’s “Delete Act” and Data Broker Regulations TCF v 2.2 Initial Layer (Banner) Requirements | iubenda Grindr Faces €5.8 Million Fine: A Reminder on the Importance of GDPR Compliance | iubenda Newly Enacted Iowa Consumer Data Protection Act (ICDPA) | iubenda The Witch’s Brew of Privacy: A Halloween Tale of Compliance and Consequences IAB TCF 2.2 – What you need to do DPO Newsletter: Data Protection & Privacy News (issue #124) Blog Ideas That Make Money: How To Make Money From Your Blog + Examples | iubenda Maximize your Growth with Online Presence Management | iubenda Meta's New Pivot in Europe: To Pay or Not to Pay for an Ad-Free Experience? | iubenda Consumer Reports Launches Free ‘Permission Slip’ App to Protect Your Data | iubenda DAZN’s Access Request Saga Personal Brand Logo: How to Stand Out in a Crowded Marketplace UK-US Data Bridge: A New Era for Secure Data Transfers 7 Ways How to Promote Affiliate Links Effectively (And Boost Commissions) | iubenda Mastering LinkedIn Personal Branding: A Guide to More Opportunities Meta's New Approach: Pay for Your Privacy? | iubenda No Return, No Refund Policy Template & Guide GDPR in the US: a GDPR Checklist for US Companies Crafting a Niche with Branding and Identity Design | iubenda The Online Safety Bill: A Leap Towards a Safer Digital United Kingdom Understanding Google's $93m Settlement over Consumer Location Data Accusations | iubenda CCPA vs CPRA: Key Differences You Need to Know | iubenda How To Use Ecommerce Retargeting to Grow Your Business | iubenda PECR: Everything you need to know | iubenda How Mobile Apps Illegally Share Your Personal Data: A Deep Dive | iubenda Legal Spotlight: Privacy Concerns Surrounding OpenAI’s ChatGPT and Microsoft’s Involvement Legal Scrutiny Looms Over Transatlantic Data Deal: French MEP Takes Action Understanding the Digital Markets Act: A Comprehensive Guide Block AI Crawlers: Here’s How To Stop Your Site From Being Used for AI Training (OpenAI and Google Bard Irish Regulator Slaps $368M Fine on TikTok DPO Newsletter: Data Protection & Privacy News (issue #123) | iubenda The Privacy Pitfalls of Vehicle Data Collection: What You Need to Know | iubenda Twitter customer’s data on the menu for xAI models Update: Revised Swiss Privacy Law Takes Effect Fitbit and the GDPR Hurdle: What You Need to Know About Your Data Privacy | iubenda Terms of Service Template for your site | iubenda Senators Urge FTC to Investigate YouTube and Google for Violating Children's Privacy: What You Need to Google AdSense Requirements: Here's What You Need to Know | iubenda Users can’t opt out from marketing emails: FTC fines Experian $650,000 | iubenda DPO Newsletter: Data Protection & Privacy News (issue #122) | iubenda 7 Ways Business Process Automation Can Increase Your Profits
COPPA Compliance Checklist | iubenda
Jessica Ryder · 2023-02-23 · via Compliance Solutions for Websites, Apps and Organizations | iubenda

The Children’s Online Privacy Protection Act (COPPA) was established to protect children’s online privacy and place certain requirements on website operators and app developers. Failure to comply with COPPA can result in significant legal and financial consequences. That’s where our COPPA Compliance Checklist comes in handy!

COPPA Compliance Checklist

In this article, we will provide a brief but comprehensive COPPA compliance checklist that website operators and app developers can use to ensure they are in compliance with the law. 

  • What is COPPA compliance?
  • Do I need to comply with COPPA?
  • What are the requirements for COPPA compliance?
  • Need to comply? Use this COPPA compliance checklist

What is COPPA compliance?

The Children’s Online Privacy Protection Act (COPPA), which was passed by Congress in 1998 and mandated that the Federal Trade Commission create and implement regulations pertaining to children’s online privacy. On July 1st, 2013, the revised Regulation went into force.

COPPA’s main objective is to safeguard children’s internet privacy (and at the same time on the mobile ecosystem).

Do I need to comply with COPPA?

Operators of websites and online services that gather personal data from children under 13 are subject to COPPA. Here’s a more detailed guide to figuring out whether COPPA applies to you. COPPA must be followed if:

  • Your website or online service is directed to children under 13, and you collect personal information from them; or
  • Your website or online service is directed to children under 13, and you let others collect personal information from them; or
  • Your website or online service is directed to a general audience, but you have actual knowledge that you collect personal information from children under 13; or
  • Your company runs an ad network or plug-in, for example, and you have actual knowledge that you collect personal information from users of a website or service directed to children under 13.

What are the requirements for COPPA compliance?

The Children’s Online Privacy Protection Act (COPPA) places several requirements on website operators and app developers to protect the online privacy of children under the age of 13. Here are the key requirements for COPPA compliance:

  1. Obtaining parental consent before collecting personal information from children under 13.
  2. Providing clear and concise privacy policies that explain how personal information is collected, used, and shared.
  3. Displaying a prominent and easy-to-use mechanism for parents to review and delete their child’s personal information.
  4. Implementing reasonable security measures to protect the confidentiality, security, and integrity of personal information collected from children.
  5. Designating a COPPA compliance officer responsible for overseeing the company’s compliance with the law.
  6. Providing ongoing training to employees about COPPA compliance.

Need to comply? Use this COPPA compliance checklist

Step 1: Privacy Policy

Providing a privacy policy is the next step. It must specify in detail how any personal data obtained online from children under the age of 13 will be handled. The notice must outline not only your policies but also those of any third parties who may be using your site or service to gather personal information, such as plug-ins or ad networks.

Add a link to your privacy policy on your homepage and anywhere else you gather children’s personal information. 

Your privacy policy must be understandable and simple to read in order to comply with COPPA. Avoid including any irrelevant or perplexing material.

What your policy must contain is as follows:

  1. A list of all operators collecting personal information;
  2. A description of the personal information collected and how it’s used;
  3. A description of parental rights.

👀 Further information on what to include in your privacy policy can be found here →

Step 2: Notify Parents 

When collecting information from children, COPPA mandates that you “directly notify” parents of your information practices. Also, you must issue an updated direct notice if you materially alter the procedures that parents originally authorized.

Step 3: Get Parents’ Verifiable Consent 

You need the verifiable consent of the child’s parents before you can collect, use, or disclose their personal information.

💡 How can you collect parent’s consent?

COPPA leaves it up to you, but it’s crucial to pick a technique that’s been sensibly created in light of the technology that is currently available to make sure that the person providing the consent is the child’s parent. You may obtain consent directly or through the child-directed site or service if you have real knowledge that you are collecting personal information from a site or service that is targeted toward children.

Step 4: Honor Parents’ Ongoing Rights 

Parents have ongoing rights, and you retain ongoing obligations, even if parents have given you permission to collect information from their children.

If a parent requests it, you must:

  • Provide them with a way to evaluate the personal data gathered about their kid;
  • Provide them with a way to withdraw their consent and object to the use or collection of additional personal data about their child;
  • Erase their child’s data.

Step 5: Protect the Security of Kids’ Personal Information

In accordance with COPPA, you must set up and keep in place appropriate safeguards for the privacy, security, and integrity of any personal data you collect from minors. Reduce the amount you initially acquire. Take reasonable steps to ensure that only service providers and other third parties who can preserve the confidentiality, security, and integrity of the information are given access to personal information. 

Targeting kids? Get started with COPPA compliance now

Generate your COPPA-compliant Privacy Policy