1. Do i must keep all information we have actually ever collected online from a kid in the event a moms and dad may choose to notice it in the foreseeable future?

No. Due to the fact Commission noted when you look at the 1999 Statement of Basis and Purpose, “if a parent seeks to examine his child’s information that is personal the operator has deleted it, the operator may merely respond that it no further has any information concerning that child. ” See 64 Fed. Reg. 59888, 59904.

2. Imagine if, despite my many careful efforts, we mistakenly hand out a child’s information that is personal to a person who isn’t that child’s parent or guardian?

The Rule calls for you to definitely offer moms and dads with a way of reviewing any information that is personal you collect online from kiddies. Even though Rule provides that the operator must be sure that the requestor is just a parent associated with the son or daughter, in addition it notes that in the event that you mistakenly release a child’s personal information to a person other than the parent if you follow reasonable procedures in responding to a request for disclosure of this personal information, you will not be liable under any federal or state law. See 16 C.F.R. § 312.6(a)(3)(i) and (b).


1. I evaluate whether the security measures that entity has in place are “reasonable” under the Rule?

Before sharing information with such entities, you should determine what the service providers’ or third parties’ data practices are for maintaining the confidentiality and security of the data and preventing unauthorized access to or use of the information if I want to share children’s personal information with a service provider or a third party, how should. Your expectations for the treating the info should always be expressly addressed in just about any agreements which you have actually with providers or 3rd parties. In addition, you have to use reasonable means, such as for instance regular monitoring, to verify that any companies or 3rd parties with that you share children’s private information keep the confidentiality and protection of this information.

2. We run an advertising network. I discover 3 months following the effective date associated with Rule that I have been gathering information that is personal using a website that is child-directed. What exactly are my obligations regarding information that is personal we obtained following the Rule’s effective date, but if you: (1) continue to collect new personal information via the website, (2) re-collect personal information you collected before, or (3) use or disclose personal information you know to have come from the child-directed site before I discovered that the information was collected via a child-directed site?

Unless an exception applies, you must provide notice and obtain verifiable parental consent. With respect to (3), you need to get verifiable parental consent before using or disclosing previously-collected information just if you have real knowledge you accumulated it from the child-directed website. In comparison, if, for instance, you had converted the information about sites checked out into interest groups ( e.g., recreations enthusiast) no longer have any indicator about in which the data originally originated from, it is possible to continue to utilize those interest categories without delivering notice or getting verifiable parental permission. In addition, in the event that you had gathered a persistent identifier from a person regarding the child-directed internet site, but have never connected that identifier with all the web site, it is possible to continue steadily to use the identifier without supplying notice or getting verifiable parental permission.

According to the previously-collected information that is personal understand originated from users of a child-directed web site, you need to adhere to parents’ demands under 16 C.F.R. § 312.6, including demands to delete any private information gathered through the son or daughter, even though you won’t be making use of or disclosing it. Moreover, as being a most useful training you ought to delete private information you understand to possess result from the child-directed web site.


1. If we run a social media solution and a moms and dad revokes her permission to my keeping information that is personal gathered through the youngster, may I reject that child usage of my solution?

Yes. If your parent revokes consent and directs you to delete the information that is personal had collected through the son or daughter, you may possibly end the child’s usage of your solution. See 16 C.F.R. § 312.6(c).

2. I understand that the Rule says I cannot shape a child’s involvement in a prize or game providing regarding the child’s disclosing extra information than is reasonably essential to take part in those tasks. Performs this limitation connect with other activities that are online

Yes. The relevant Rule supply just isn’t restricted to games or award offerings, but includes “another task. ” See 16 C.F.R. § 312.7. Which means that you need to very carefully examine the info you would like to collect associated with every task you provide to be able to make certain you are just gathering information that is fairly required to be involved in that activity. This guidance is with in maintaining utilizing the Commission’s general assistance with information minimization.

Leave a Comment