FTC Approves kidSAFE as Safe Harbor Program Under COPPA

Last week, the Federal Trade Commission approved the kidSAFE Seal Program as a safe harbor program under the Children’s Online Privacy Protection Act (COPPA) and FTC’s COPPA Rule. The FTC’s revised COPPA Rule (effective July 2013) restricts the ways that child-directed sites and their third-party affiliates can collect and use personal information from children under the age of 13. The Rule contains a safe harbor” provision enabling industry groups or others to submit self-regulatory program guidelines to the FTC for approval. Companies that meet the requirements of a safe harbor program will be deemed to be in compliance with the COPPA Rule for purposes of enforcement. To date, the FTC has approved six COPPA safe harbor programs.

In order to meet the requirements of the kidSAFE Seal Program, a child-directed site or service must demonstrate compliance with the basic safety guidelines (the kidSAFE certification”) and additional privacy guidelines (the kidSAFE+ certification”). The program’s basic safety rules require: (1) chat and other interactive community features to be designed with safety protections and controls; (2) posting of rules and educational information about online safety; (3) procedures for handling safety issues and complaints to be in place; (4) parents to have basic safety controls over their child’s activities; and (5) content, advertising, and marketing to be age-appropriate.

The program’s privacy guidelines are specific to COPPA and require the operator to: (a) have neutral age-screening mechanisms, when appropriate; (b) provide notice and verifiable parental consent, as required under the COPPA Rule; (c) allow parents to access their child’s personal information; (d) protect the integrity and security of a child’s information; (d) post a COPPA-compliant privacy policy; and (e) cooperate with the kidSAFE Seal Program’s oversight and enforcement mechanisms.

The kidSAFE Seal Program was submitted to the FTC for approval on August 15, 2013. The Commission announced kidSAFE’s application in the Federal Register on September 18, 2013 and received public comment on the application through November 4, 2013. During the notice and comment period, some concerns were raised regarding certain aspects of the kidSAFE Seal Program, including the potential for consumer confusion regarding the meaning of the different kidSAFE self-regulatory programs (i.e., kidSAFE vs kidSAFE+) and the ability to evaluate and enforce member compliance. To address these and other concerns raised by the Commission, kidSAFE agreed to modify certain aspects of its program.