European websites could find themselves breaking a US law brought into force today if they receive information about child internet users.
The US Children's Online Privacy Protection Act (Coppa) comes into effect on 21 April and requires internet sites that market to people under 13 years of age to follow detailed procedures or face fines, and in some cases class action lawsuits.
The law, although being introduced in the US also affects international websites that gather information about children in the US. The Act not only affects sites targeted at children but also other businesses that may receive personal information from young people.
For example a website could be liable if an individual providing the site with personal details claims their date of birth is 1990.
Bart Lazar, a partner in the high tech industry group of law firm Seyfarth, Shaw, Fairweather & Geraldson, said: "Companies assume that if they are not marketing their websites to children, Coppa is not a concern. This is not the case. Coppa has more far reaching applications than its title suggests."
He advised sites to re-examine the type of information they require from their visitors and replace questions about specific birth dates with age ranges.
The law requires companies that do not intend to pass child information onto third parties to obtain parental consent via email, but sites wanting to market the data to others need permission signed on paper, or to set up hotlines for parents to give authorisation.
"The driving force behind this law is to protect children on the internet and to get parental involvement," explained Lazar.
Use the same password for every website? It might be time to change them all
Applicants for parking bay suspensions put at risk of credit card fraud by Islington Council
Robert Swan appointed interim CEO after Brian Krzanich's departure
Should you link your data sets to add value, or leave them separate to reduce risk?