Q: I want to run ads on my child-directed websites and apps. What do I need to know to make sure that I am complying with COPPA?
A: There are a number of questions you must find answers to before you enter into an arrangement with any entity to serve advertising to run on your child-directed sites and services. These include:
Is there a way to control the type of advertising that appears on the sites and services? (e.g., can you stipulate and contract only for contextual advertising, and can you prohibit behavioral advertising or retargeting?)
What categories of information will be collected from users on the sites and services in connection with the ads they are served? Will persistent identifiers be collected for purposes other than support for internal operations? Will geolocation information be collected in connection with the ads served?
You should make informed decisions before you permit advertising to run on your sites and services. Depending on what advertising choices you make, you may be required to notify parents in your online privacy policies and in a direct notice, and obtain verifiable parental consent, before you permit advertising to occur. Remember that the amended Rule holds you liable for the collection of information that occurs on or through your sites and services, even if you yourself do not engage in such collection.