BlogLine

FTC Guidance for Online Protection for Children

5/14/13

By: Matt Foree
A byproduct of widespread use of the internet is its inevitable use by young children. Today, children have access to the internet through computers, smartphones and countless other electronic devices. To protect the privacy of children online, Congress enacted the Children’s Online Privacy Protection Act (“COPPA”), which provides rules for operators of commercial websites and online services directed to or knowingly used by children under 13. COPPA required the Federal Trade Commission (“FTC”) to issue and enforce regulations concerning children’s online privacy. The FTC’s original COPPA Rule became effective on April 21, 2000.
Significantly, the FTC issued new, stricter rules under COPPA on December 19, 2012, the first time the rules have been amended since COPPA was enacted in 1998. (See video of Chairman John D. Rockefeller IV’s remarks regarding the amendment and the modernization of COPPA here.) Obviously, much of the relevant technology has evolved since COPPA was enacted. The new rules go into effect on July 1, 2013. The new rules can be found here. on the FTC’s website.
The stricter rules under COPPA came shortly after the FTC issued a report entitled “Mobile Apps For Kids: Disclosures Still Not Making the Grade” on the state of mobile app privacy protections for children in December 2012. This report characterized the results of its recent survey on mobile apps as “disappointing,” and noted that the mobile app industry “appears to have made little or no progress in improving its disclosures” since the FTC’s previous report.
Generally, COPPA applies to operators of commercial websites and online services, such as mobile apps, directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. COPPA also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. “Personal information” includes, among other things, first and last name, a home or other physical address, a screen or user name, a telephone number, certain geolocation information, a social security number, and a photograph, video, or audio file that includes a child’s image or voice.
The rules provide that operators covered by COPPA must, among other things, post a clear and comprehensive policy describing their information practices for personal information collected online from children, provide direct notice to parents and obtain verifiable parental consent, with some exceptions, before collecting personal information online from children, and give parents access to their child’s personal information to review and/or have the information deleted.
The FTC has recently released a document providing further COPPA guidance.  Entitled “Complying with COPPA:  Frequently Asked Questions, a Guide for Business and Parents and Small Entity Compliance Guide” (the FAQ), this compliance document sets forth 92 frequently asked questions related to COPPA.  As stated in the document, the “primary goal of COPPA is to place parents in control over what information is collected from their young children online.”  The FAQ provides specific guidance about obligations regarding use or disclosure of previously collected information that will be deemed personal information once the amended rule goes into effect on July 1, as well as an explanation of the differences between the new and old COPPA rules.
The new COPPA rules provide pitfalls for covered operators of commercial websites and online services. Covered businesses should review COPPA and the FTC guidance to ensure compliance with COPPA, which authorizes civil penalties of up to $16,000 per violation. COPPA gives states and certain federal agencies authority to enforce compliance.