1

Planning for COPPA Compliance

 2

Planning for COPPA Compliance

Since children cannot make rational decisions on the internet, online companies and

parents should protect them from online abuse and misuse. Organizations and parents should

collaborate to ensure that children enjoy the utmost confidentiality, privacy, and security online.

There is a need to protect children from any cyber threat that can cause harm and adverse

outcomes, whether through objective decisions or subjective self-report (Hartikainen et al.,

2019). Online platforms need to implement strategies and policies that protect children from

online threats. Children Online Privacy Protection Act (COPPA) is one of the policy frameworks

that protect the privacy and confidentiality of children's online information. However, its

existence has not stopped the violation of children’s privacy rights like in the case of Klepo Cats

and Klepo Dogs or Hyperbeard. The board should ensure policies encouraging this collaboration

and give parents full control of children’s online information.

Klepo Cats and Dogs Case

Hyperbeard violated COPPA regulation by collecting children’s, below 23 years,

information and using them for targeted marketing. From the case, it did not only collect the data

and used it for company purposes but also shared it with a third-party organization, which in turn

used to organize and execute targeted marketing targeting children. It used persistent identifiers

to track and profile kids without notifying parents or obtaining parental consent. The

organization only published a disclaimer notifying users that it is not meant for children below

thirteen years, despite games and content targeting such users or audiences. Similarly, it ran

advertisements using characters in the games to market children's books, stuffed animals, and

construction sets. This was a clear violation of COPPA regulation, which gives the parents the

power to control the information that online companies collect from children below 13 years. As
 3

a result, whether it published the information or not, it collected it illegally. It shared it with a

third party, which used the data for targeted marketing focused on children below thirteen years,

thus the $4 million fine.

Legal Analysis

COPPA rule defines personal information as a screen or user name used for functions

other than or in addition to supporting the website's or online device’s internal operations

(National Archives and Records Administration, 2013). The COPPA policies violated in this

case involve failure to post and publish a clear online privacy policy. Instead, Hyperbeard used a

disclaimer notifying users that the platform was not meant for children under 13 years. The

disclaimer, in this case, is just drifting from reality and a scapegoat for taking responsibility for

the information it collects. Besides, it failed to protect the privacy and confidentiality of the

information it collected by sharing with a third party, which ran targeted adverts on the platform

and did not consult the parents when sharing the information with the third party organization.

Based on this case, Hyperbeard failed the transparency and openness test about its data privacy

policies and violated the confidentiality regulations on COPPA rules.

More importantly, the company violated all the laws and regulations that give the parents

the power to control what information the company should collect about the child and how the

data should be used. In this case, the rules about parents ‘consent during collection, access to

personal information, and control over online use or further collection were ignored (Federal

Trade Commission, 2022). No parent was allowed to determine the kind of information kids

provided online and how the company used them. Also, parents did not have the opportunity to

approve the information before sharing it with a third party or delete the data anytime they felt

uncomfortable with the platform’s conduct. Besides, Hyperbeard failed to seek parents’ approval
 4

when running the targeted advertisements. Based on this, the kids could not make an informed

decision about the information to give and how the platform was supposed to use it.

Leadership Recommendations

To avoid such losses and fines, the company should ensure effective leadership that can

implement appropriate policies for protecting children’s personal information and ensures

honesty, transparency, and openness in its activities through rational leadership (Sacavém et al.,

2019). The company should have a positive attitude towards implementing the policies and

standards in application and website development that involves parents, collects necessary

information only, and seeks parents’ consent and stakeholders’ feedback on its compliance with

COPPA. It should ask for parents’ feedback and implement relevant strategies to handle those

complaints (Schooley, 2019). For instance, it can implement a policy where the primary profile

email and phone number is for parent and use it to seek parents’ consent when collecting or

sharing information. It should also ask parents to choose whether the data should be shared with

a third party. The contact details should allow parents to give feedback and delete their children’s

information. All these require goodwill, honesty, and integrity and encourage open

communication and action on the feedback and complaints from the leadership.

Conclusion

This case provides a clear view of what the company leaders should avoid and the

policies to put in place to protect the privacy and confidentiality of kids. To safeguard the

company from such losses, the organization should create policies that ensure openness and

transparency on how it collects and uses children’s data. The policy should use parents’ contact

information to give them absolute control and track how the organization uses the information
 5

they collect. This approach will help reduce the complaints and give parents complete control

over their children’s information on the company’s online platforms or applications.

 6

References

Federal Trade Commission. (2022, January 28). Complying with COPPA: Frequently asked

questions. https://www.ftc.gov/business-guidance/resources/complying-coppa-

frequently-asked-questions

Hartikainen, H., Iivari, N., & Kinnula, M. (2019). Children’s design recommendations for

online safety education. International Journal of Child-Computer Interaction, 22,

100146, https://doi.org/10.1016/j.ijcci.2019.100146

National Archives and Records Administration. (2013). Federal Register (Vol. 78, No. 12).

Federal Trade Commission. https://www.ftc.gov/system/files/2012-31341.pdf

Sacavém, A., Cruz, R. V., Sousa, M., Rosário, A., & Gomes, J. S. (2019). An integrative

literature review on leadership models for innovative organizations. An integrative

literature review on leadership models for innovative organizations, 8(3), 1741-1751,

https://repositorio.iscte-iul.pt/bitstream/10071/20464/1/JRGEV8A156-Sacav

%C3%A9m.pdf

Schooley, S. (2019, August 26). How to be a good leader - businessnewsdaily.com. Business

News Daily. https://www.businessnewsdaily.com/4991-effective-leadership-skills.html