1. Do i need to keep all information we have actually ever collected online from a young child in the event a parent might want to view it in the foreseeable future?
No. Since the Commission noted within the 1999 Statement of Basis and Purpose, “if a parent seeks to examine their child’s information that is personal the operator has deleted it, the operator may merely reply that it no further has any information concerning that child. ” See 64 Fed. Reg. 59888, 59904.
2. Imagine if, despite my most careful efforts, I mistakenly hand out a child’s information that is personal to an individual who isn’t that child’s moms and dad or guardian?
The Rule calls for one to provide moms and dads with a way of reviewing any personal information you collect online from young ones. Even though the Rule provides that the operator must ensure that the requestor is just a moms and dad for the son or daughter, it notes that in the event that you follow reasonable procedures in giving an answer to a ask for disclosure for this information that is personal, you simply will not be liable under any federal or state law in the event that you erroneously release a child’s information that is personal to an individual aside from the moms and dad. See 16 C.F.R. § 312.6(a)(3 i that is)( and (b).
K. DISCLOSURE OF DATA TO THIRD PARTIES
1. I evaluate whether the security measures that entity has in place are “reasonable” under the Rule?
Before sharing information with such entities, you should determine what the service providers’ or third parties’ data practices are for maintaining the confidentiality and security of the data and preventing unauthorized access to or use of the information if I want to share children’s personal information with a service provider or a third party, how should. Your objectives to treat the info must be expressly addressed in any agreements which you have actually with providers or 3rd events. In addition, you need to utilize reasonable means, such as for instance regular monitoring, to ensure that any companies or 3rd events with that you share children’s information that is personal the confidentiality and protection of the information.
2. We run an advertising community. I discover 3 months following the effective date regarding the Rule that i’ve been gathering private information via a child-directed site. Exactly what are my responsibilities regarding information that is personal we accumulated following the Rule’s effective date, but before I realized that the information and knowledge ended up being collected via a child-directed site?
Unless an exclusion is applicable, you need to offer notice and get verifiable parental consent in the event that you: (1) continue steadily to collect brand new private information through the website, (2) re-collect private information you collected prior to, or (3) make use of or disclose information that is personal you realize to own originate from the child-directed website. With respect to (3), you must get verifiable parental consent before utilizing or disclosing previously-collected information just when you yourself have real knowledge which you built-up it from the child-directed website. In contrast, if, for instance, you had converted the info about sites checked out into interest groups ( ag e.g., recreations enthusiast) and no longer have any indicator about in which the data initially originated from, you are able to continue steadily to make use of those interest categories without delivering notice or acquiring verifiable parental permission. In addition, if you had gathered a persistent identifier from a person from the child-directed site, but haven’t linked that identifier utilizing the web site, you are able to continue using the identifier without providing notice or getting verifiable parental permission.
According to the previously-collected information that is personal understand originated in users of a child-directed site, you need to adhere to parents’ needs under 16 C.F.R. § 312.6, including needs to delete any information that is personal gathered through the child, even though you will never be making use of or disclosing it. Also, as a practice that is best you really need to delete information that is personal you realize to possess result from the child-directed web site.
L. REQUIREMENT TO LIMIT IDEAS COLLECTION
1. I deny that child access to my service?
Yes if I operate a social networking service and a parent revokes her consent to my maintaining personal information collected from the child, can. In cases maiotaku dating site where a parent revokes consent and directs you to definitely delete the information that is personal had gathered through the kid, you might end the child’s usage of your solution. See 16 C.F.R. § 312.6(c).
2. I know that the Rule claims We cannot shape a child’s involvement in a game title or award providing regarding the child’s disclosing extra information than is fairly required to take part in those tasks. Performs this limitation apply to other online activities?
Yes. The relevant Rule supply just isn’t restricted to games or prize offerings, but includes “another activity. ” See 16 C.F.R. § 312.7. This means you have to carefully examine the info you want to collect relating to every task you provide to be able to make sure that you are just gathering information that is fairly required to take part in that task. This guidance is with in maintaining utilizing the Commission’s general assistance with information minimization.