October 26, 2017
On October 23, 2017, the Federal Trade Commission (“FTC”) issued a policy enforcement statement providing new direction regarding the application of the Children’s Online Privacy Protection Rule (“COPPA”) to the collection of audio voice recordings online. COPPA compliance requirements generally apply to operators of online services that are either directed to children under 13 years of age, or that have actual knowledge that they are collecting personal information from children under the age of 13.
In 2013, the FTC clarified that files containing a child’s image or voice constitute “personal information” within the meaning of COPPA and, therefore, the collection of audio data from children online requires careful legal scrutiny to ensure COPPA compliance.
The FTC’s new policy enforcement statement addressed inquiries regarding whether COPPA is triggered by the collection of audio data that is immediately converted to text and used as a substitute for text, when the audio data is deleted directly after conversion.
What Guidance Did the FTC Provide Regarding COPPA Compliance in the Context of Audio Recordings?
Operators are not Required to Obtain Parental Consent When Audio is Collected Solely as a Replacement for Written Words
The FTC began by stating that it “recognizes the value of using voice as a replacement for written words in performing search and other functions on Internet-connected devices.” The FTC also noted that when the operator immediately deletes the audio after converting it to text, there is little risk that the audio will be improperly used. Therefore, the FTC has determined that it will not take enforcement action when an operator collects an audio file containing a child’s voice solely as a replacement for written words, such as to perform a search, and then immediately deletes the subject audio file.
To benefit from the new non-enforcement policy, operators must: (i) provide clear notice of their practices with respect to collection, use and deletion of audio files; and (ii) refrain from making any other use of audio files prior to destruction. In addition, please note that the non-enforcement policy does not otherwise affect COPPA compliance requirements in any other respect.
Is Your Company COPPA Compliant?
The FTC has recently increased its focus on regulation of data collection, usage and disclosure practices. Any company that is active on the Internet should consult with experienced counsel to ensure that all of its data collection, use and sharing policies and procedures are compliant with COPPA and other applicable state and federal laws, rules and regulations. If you are interested in learning more about this topic, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Related Blog Posts: