As we detailed in a post from December 2012, the Federal Trade Commission (FTC) adopted final amendments to its Children’s Online Privacy Protection Rule (COPPA), which will go into effect on July 1, 2013. The amended rule will affect websites and mobile applications (apps) that collect or use information submitted by children under the age of 13.
Summary of COPPA Amendments
The following is a brief summary of the changes to COPPA:
- modifies the list of “personal information” that may not be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs and videos;
- closes a loophole that allowed apps and websites to use children’s personal information if collected by third parties through plug-ins and updates;
- extends coverage to persistent identifiers that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs;
- strengthens data security protections by requiring that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential;
- requires that covered website operators adopt reasonable procedures for data retention and deletion; and
- strengthens the FTC’s oversight of self-regulatory safe harbor programs.
COPPA Education Letters Sent to Businesses
This week, in an effort to ensure future compliance with the foregoing amendments, the FTC sent 90 “educational” letters to business that may be affected by the COPPA amendments. According to the FTC’s website, letters were sent to domestic companies that may be collecting images or voice recordings of children, as well as to domestic companies that may be collecting persistent identifiers from children. The FTC also sent letters to international businesses participating in similar fields, which can be viewed here: voice recording and image letter |persistent identifier letter.
The FTC was careful to point out that the letters were not meant to indicate that the websites or apps in question would violate the amended COPPA rules, but that a thorough review of the subject website/app policies and procedures should be undertaken to safeguard the companies associated with them from liability. If any necessary updates have not been made by July 1, 2013, the FTC made clear that it will use its prosecutorial discretion to investigate and/or initiate regulatory actions against non-compliant businesses. These preemptory letters indicate that the FTC takes the COPPA amendments very seriously and intends to strictly police and regulate the industry to ensure compliance.
If you are interested in learning more about this topic or need to review your privacy practices and/or update your website or app privacy policies based on the amendments to COPPA, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.