FTC COPPA FAQs - I operate a general audience website that contains a specific children’s section. May I post a single privacy policy for the entire site…, or must I have a separate privacy policy for children’s data?

Compliance > COPPA
Q:  I operate a general audience website that contains a specific children’s section.  May I post a single privacy policy for the entire site that combines information about my children’s and general information practices, or must I have a separate privacy policy for children’s data?
 
A:  In the 1999 Statement of Basis and Purpose, the Commission noted that “operators are free to combine the privacy policies into one document, as long as the link for the children’s policy takes visitors directly to the point in the document where the operator’s policies with respect to children are discussed, or it is clearly disclosed at the top of the notice that there is a specific section discussing the operator’s information practices with regard to children.”  See 64 Fed. Reg. 59888, 59894 n.98.  This advice remains in effect under the amended Rule.  Operators should also ensure that the link for the children’s portion of the privacy policy appears on the home page or screen of the children’s area of the site or service, and at each area where personal information is collected from children.  See 16 C.F.R. § 312.4(d).
 
 
 ADDITIONAL INFORMATION:
This information was obtained from the FTC’s webpage on “Complying with COPPA:  Frequently Asked Questions.”   https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions
 

Add Feedback