< compliance
CenturyLink assists in compliance with Federal Trade Commission's COPPA Rule

COPPA

The Children’s Online Privacy Protection Act (COPPA) Rule is designed to protect children's privacy and safety online.

The Federal Trade Commission (FTC), our nation’s consumer protection agency, enforces the Children’s Online Privacy Protection Act (COPPA) Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. Effective July 1, 2013, the FTC updated the COPPA Rule to reflect changes in technology. CenturyLink enables its customers to comply with COPPA’s requirements, particularly customers whose websites are designed for children, or have websites geared to a general audience but may collect information from someone known to be under 13.

Overview

As a leading Hybrid Cloud Service provider, CenturyLink enables its customers to adhere to and meet the requirements for the COPPA Rule. COPPA gives parents control over what information websites can collect from their kids. The COPPA Rule—with new provisions in effect on July 1, 2013—puts additional protections in place and streamlines other procedures that companies covered by the rule need to follow. If a company or organization’s website is designed for kids or has a website geared to a general audience but collects information from someone under 13, they must comply with COPPA’s requirements.

Benefits

  • Aligns your compliance with the COPPA Rule
  • Identifies your organization and website as “child-friendly”
  • Emphasizes your organization’s COPPA compliance and commitment to privacy and parental choice

Do you need COPPA?

The FTC has developed a Six-Step Compliance Plan for Your Business. CenturyLink can help address the final step of COPPA’s six-step plan: Implement Reasonable Procedures to Protect the Security of Kids’ Personal Information.

  • Determine if Your Company is a Website or Online Service that Collects Personal Information from Kids Under 13
  • Post a Privacy Policy that Complies with COPPA
  • Notify Parents Directly Before Collecting Personal Information from Their Kids
  • Get Parents’ Verifiable Consent Before Collecting Information from Their Kids
  • Honor Parents’ Ongoing Rights with Respect to Information Collected from Their Kids
  • Implement Reasonable Procedures to Protect the Security of Kids’ Personal Information

How CenturyLink Can Help Your Organization Comply with Step 6

COPPA requires you to establish and maintain reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children. The following are some suggested guidelines:

  • Minimize what you collect in the first place.
  • Take reasonable steps to release personal information only to service providers and third parties capable of maintaining its confidentiality, security and integrity. Get assurances that the service providers you select will live up to those responsibilities.
  • Hold on to personal information only as long as is reasonably necessary for the purpose for which it was collected. Securely dispose of it once you no longer have a legitimate reason for retaining it.

Downloadable PDF: The COPPA Rule: A Six-Step Compliance Plan for Your Business.

Frequently Asked Questions

What is COPPA?

The COPPA Rule regulates the online collection of personal information from children under 13 years of age. The primary goal of the COPPA Rule is to give parents control over what information is collected from their children online and how such information may be used. The Rule applies to operators of websites and online services directed to children under 13, and to general audience websites that knowingly collect personal information from children under 13. The Rule has been in place since 2000 and the FTC revised it, effective July 1, 2013.

COPPA applies to?

The COPPA Rule applies to operators of commercial websites and online services directed to children under the age of 13 that collect personal information. In addition, it applies to operators of sites and online services geared toward general audiences that have “actual knowledge” that they are collecting information from children under 13. Under the 2013 revisions, COPPA also applies to operators when they have “actual knowledge” they are collecting personal information from users of another site or online service directed to kids under 13. That means that in certain circumstances, COPPA applies to advertising networks, plug-ins and other third parties.

The Rule doesn’t require operators of sites or services directed to general audiences to investigate the ages of its users. However, asking for or otherwise collecting information that establishes that a visitor is under 13 triggers COPPA compliance.

So here’s the answer in a nutshell. You’re covered by COPPA if:

  • Your website or online service is directed to children under 13 and collects personal information from them
  • Your website or online service is directed to a general audience, but you have “actual knowledge” you’re collecting personal information from a child under 13
  • You run a third-party service like an ad network or plug-in and you’re collecting information from users of a site or service directed to children under 13

COPPA doesn’t just apply to websites, but also to “online services.” What types of online services does COPPA apply to?

COPPA applies to personal information collected online by operators of both websites and online services. The term “online service” broadly covers any service available over the Internet, or that connects to the Internet or a wide-area network. Examples of online services include services that allow users to play network-connected games, engage in social networking activities, purchase goods or services online, receive online advertisements or interact with other online content or services. Mobile applications that connect to the Internet, Internet-enabled gaming platforms, voice-over-Internet protocol services, and Internet-enabled location-based services also are online services covered by COPPA.

When does the operator of a website or online service have “actual knowledge” of someone’s age?

Although the Rule doesn’t define the term, the FTC has said that an operator has actual knowledge of a user’s age if the site or service asks for - and receives - information from the user that allows it to determine the person’s age. For example, an operator who asks for a date of birth on a site’s registration page has actual knowledge, as defined by COPPA, if the user responds with a year that suggests they’re under 13. An operator also may have actual knowledge based on answers to “age identifying” questions like “What grade are you in?” or “What type of school do you go to? a) elementary; b) middle; c) high school; d) college.”

Third-party sites or services may have actual knowledge under COPPA, too. For example, if the operator of a child-directed site directly communicates to an ad network or plug-in about the nature of its site, the ad network or plug-in will have actual knowledge under COPPA. The same holds true if a representative of the ad network or plug-in recognizes the child-directed nature of the site’s content.

There’s another way an ad network or plug-in may have actual knowledge is if a concerned parent or someone else informs a representative of the ad network or plug-in that it’s collecting information from children or users of a child-directed site or service.

Does COPPA apply to CenturyLink?

No, CenturyLink’s website isn’t directed to children under the age of 13, and the Company does not knowingly collect Personal Information from children under 13 years of age. If you are under 13 years of age you should not use this Website, and under no circumstance should you send information about yourself to CenturyLink. If CenturyLink discovers that a child under the age of 13 has provided us with Personal Information, we will immediately delete that child’s information from the Website. Go to our Privacy page for more information.

Glossary

Collects or collection
Refers to the gathering of any personal information from a child by any means, including but not limited to:
  • Requesting that children submit personal information online
  • Enabling children to make personal information publicly available through a chat room, message board, or other means, except where the operator deletes all individually identifiable information from postings by children before they are made public, and also deletes such information from the operator’s records
  • The passive tracking or use of any identifying code linked to an individual, such as a cookie
Internet
Refers collectively to the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire, radio or other methods of transmission.
Online contact information
An e-mail address or any other substantially similar identifier that permits direct contact with a person online.
Operator
Any person who operates a website located on the Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or maintained, where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service involving commerce:
  1. Among several states or with one or more foreign nations.
  2. In any territory of the United States or in the District of Columbia, or between any such territory and:
    • Another such territory
    • Any state or foreign nation
  3. Between the District of Columbia and any state, territory, or foreign nation. This definition does not include any nonprofit entity that would otherwise be exempt from coverage under Section 5 of the Federal Trade Commission Act (15 U.S.C. 45).
Personal information
Individually identifiable information about an individual collected online, including:
  1. A first and last name
  2. A home or other physical address including street name and name of a city or town
  3. An e-mail address or other online contact information, including but not limited to an instant messaging user identifier, or a screen name that reveals an individual’s e-mail address
  4. A telephone number
  5. A Social Security number
  6. A persistent identifier, such as a customer number held in a cookie or a processor serial number, where such identifier is associated with individually identifiable information, or a combination of a last name or photograph of the individual with other information such that the combination permits physical or online contacting
  7. Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition

Related Products

Cloud Services

Hybrid-ready public cloud provides the agility, scalability and security expected from an enterprise-class cloud, backed by an industry leading global network.

Managed Services

Experts at the ready to maintain and administer your cloud deployments. Rapid provisioning, hourly billing, and highly automated.

Managed Security

A full complement of threat prevention, threat management, incident response and analysis services to support your hosted or on-premise enterprise security environments.

Managed Hosting

Maintain complex IT infrastructure and applications with our comprehensive portfolio of managed hosting services including, fully manage networks, servers, storage, operating systems, and security.

Managed Storage & Backups

Gives a range of storage options including data replication and back up/archiving. CenturyLink solutions are secure, affordable and can provide data resilience with up to 5 nines.