FTC Reaches Out to Businesses on COPPA
On May 15, 2013, the Federal Trade Commission sent letters to more than 90 U.S. and foreign-based companies that may be affected by amendments to the Children’s Online Privacy Protection Rule (“COPPA” or the “Rule”), which go into effect on July 1, 2013. The letters, which do not reflect an official evaluation of the recipients’ privacy practices, were targeted to online services and mobile applications that collect “personal information” from children under age 13, as defined by the Rule.
The primary purpose of the letters was to highlight the significant changes to the COPPA Rule definition of personal information, which, under the current Rule, includes user names, a home or physical address, contact information (e-mail address or telephone number), and social security numbers. As described in the letters, the amended Rule expands the definition of personal information to include persistent identifiers, such as cookies, IP addresses, and mobile device IDs, that can recognize users over time and across different websites or online services. Online operators that collect such information must provide notice and obtain parental consent, unless they use the identifiers to support internal operations, such as for user authentication or network analysis. Under the revised Rule, personal information also includes photographs or video with a child’s image, or an audio file with a child’s voice.
In addition to describing changes to the definition of personal information, the letters also highlighted the following “musts” for developers of child-directed online or mobile apps:
• Notice and parental consent for personal information collected on applications from third parties, such as ad networks;
• Reasonable steps to release children’s personal information only to companies that will keep it secure and confidential;
• New data retention and deletion requirements.
The letters are the latest step by the Commission to generate awareness about how the COPPA Rule changes may affect online operators’ current business practices. As we described last month, FTC Staff also issued an updated Frequently Asked Questions (“FAQ”) document, Complying with COPPA: Frequently Asked Questions, that includes a number of questions (and answers) that directly address how the amended COPPA Rule differs from the current Rule.