nerdexam
IAPP

CIPP-US · Question #224

CIPP-US Question #224: Real Exam Question with Answer & Explanation

The correct answer is B. Collecting information from a child under the age of thirteen.. Based on the incident, the FTC's enforcement actions against the marketer would most likely include the violation of collecting information from a child under the age of thirteen without obtaining verifiable parental consent, as required by the Children's Online Privacy Protectio

Question

SCENARIO Please use the following to answer the next question: Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop. "Doing your network?" Matt asked hopefully. "No," the boy said. "I'm filling out a survey." Matt looked over his son's shoulder at his computer screen. "What kind of survey?" "It's asking Questions about my opinions." "Let me see," Matt said, and began reading the list of Questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders. To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer Questions about his favorite games and toys. Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities. Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?

Options

  • AIntruding upon the privacy of a family with young children.
  • BCollecting information from a child under the age of thirteen.
  • CFailing to notify of a breach of children's private information.
  • DDisregarding the privacy policy of the children's marketing industry.

Explanation

Based on the incident, the FTC's enforcement actions against the marketer would most likely include the violation of collecting information from a child under the age of thirteen without obtaining verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA) Rule. The COPPA Rule applies to operators of commercial websites and online services (including mobile apps) that collect, use, or disclose personal information from children under 13, and operators of general audience websites or online services that have actual knowledge that they are collecting, using, or disclosing personal information from children under . The COPPA Rule also applies to websites or online services that are directed to children under 13 and that collect personal information from users of any age. The COPPA Rule defines personal information to include full name, address, phone number, email address, date of birth, and other identifiers that permit the physical or online contacting of a specific individual. The COPPA Rule requires operators to post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children; provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children; give parents the choice of consenting to the operator's collection and internal use of a child's information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents); provide parents access to their child's personal information to review and/or have the information deleted; give parents the opportunity to prevent further use or online collection of a child's personal information; maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use. The FTC has the authority to seek civil penalties and injunctive relief for violations of the COPPA Rule. The FTC has brought numerous enforcement actions against operators for violating the COPPA Rule, resulting in millions of dollars in penalties and orders to delete illegally collected data.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CIPP-US Practice