Hacker News new | past | comments | ask | show | jobs | submit login

> the requirement that you can permanently delete all of your information. Most early-stage startup use the best practice of “delete=1”.

What's your system for dealing with COPPA then? You're required to have a way for permanently removing data of children.




COPPA only applies to sites that are directed towards children or have "actual knowledge" that they're collecting data from children. It's legally sufficient to ask for birthdays and refuse signups from anyone under 13.


Can companies do the same here?

“Are you in the EU? Y/N”


When you learn that someone lied and they are under 13yo, the rule applies again.


I'm not aware of any rule or case which supports this claim.


It doesn't have to be a specific rule. You learn that the age declaration was invalid so the "§312.10 Data retention and deletion requirements" applies unless you have a verifiable parent consent.


Not many companies are going out of their way to learn that their users are lying about their age.


Honestly? During the first year of our start up, I didn’t have time to understand all of that stuff so I just put a checkmark on the sign up that users were over the age of 13, and moved on.


COPA was struck down by the courts last decade.


I think GP meant COPPA, not COPA

https://people.apache.org/~jim/NewArchitect/docs/new10136361...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: