$6.$ Children$$s Personal Data

$6\mathrm{.}1$ What additional obligations apply to the processing of children$$s personal data?

Children$$s information is protected at the federal level under COPPA $(15$ U$.$S$.$ Code $6501).$ COPPA requires operators of: $($a$)$ commercial websites and online services directed to children under the age of $13$; or $($b$)$ general or mixed audience commercial websites or online services with actual knowledge they are collecting personal information from children under the age of $13$ to meet specific compliance obligations where they collect personal information from children under the age of $13.$ Specifically, COPPA requires that covered operators: $(1)$ publish certain privacy notices, including a COPPA$-$compliant privacy policy and $$direct notice$$ to parents prior to the collection of personal information from their child; $(2)$ obtain parental consent prior to collecting personal information from a child under the age of $13$; $(3)$ provide parents a choice regarding disclosure of a child$$s information to third parties under certain circumstances; $(4)$ provide parents access to their child$$s personal information and opportunities to delete that information or prevent further use or collection of a child$$s information; and $(5)$ maintain the confidentiality, security, and integrity of the information collected. At the time of writing, additional federal legislation that would increase protections for children$$s privacy online has been introduced and is currently pending.

At the state level, the CCPA alters its right to opt out of sale of personal information for consumers under the age of $16.$ Businesses are prohibited from selling personal information of consumers under the age of $16$ without affirmative authorisation from a consumer aged $1315$ or from the parent or legal guardian of a consumer under the age of $13.$ Recent privacy laws, including in Virginia, Colorado, Utah, and Connecticut, consider the personal data of a child below the age of $13$ as sensitive personal data. In Virginia, Utah, and Connecticut, controllers must process a child$$s data in accordance with COPPA. The Colorado Privacy Act requires consumer consent before processing sensitive personal data, but notably exempts personal data subject to COPPA. In $2022,$ California enacted the Age$-$Appropriate Design Code Act, which imposes requirements addressing transparency requirements, default settings and data protection impact assessments. Notably, the law, effective July $1,2024,$ applies to children under $18,$ not under $13$ like COPPA or other laws involving children$$s data. explain in detail about this right