After an extensive review process that began in 2010, the Federal Trade Commission (FTC) adopted final amendments to the Children’s Online Privacy Protection Rule (COPPA). The amended COPPA will go into effect on July 1, 2013.
In short, the amendments strengthen online privacy protection for children under 13 years of age, while giving parents an increased role in their children’s online activities (including via mobile devices).
According to the FTC’s website, the amendments:
- modify the list of “personal information” that cannot be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos;
- offer companies a streamlined, voluntary and transparent approval process for new ways of getting parental consent;
- close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent;
- extend coverage in some of those cases so that the third parties doing the additional collection also have to comply with COPPA;
- extend the COPPA Rule to cover persistent identifiers that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs;
- strengthen data security protections by requiring that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential;
- require that covered website operators adopt reasonable procedures for data retention and deletion; and
- strengthen the FTC’s oversight of self-regulatory safe harbor programs.
In light of these amendments, operators of web venues and mobile applications (APPs) that collect consumer information (even if not intentionally from children under 13 years of age) should immediately review their data collection and usage practices and seek to ensure compliance with the amended COPPA. Entities that fail to comply with the requirements of COPPA could find themselves facing regulatory action, which could result in significant fines.
If you are interested in learning more about this topic or need to review your privacy practices and/or update your website (or mobile App) privacy policies based on the amendments to COPPA, please contact us at your convenience.