New Children’s Privacy Rules Are in Force
The U.S. Federal Trade Commission's (FTC) revised rule implementing the Children's Online Privacy Protection Act (COPPA)—which now addresses changes in the way children use and access the Internet, including the increased use of mobile devices and social networking—took effect on July 1, 2013. (Our January issue summarized the extensive nature of the changes.)
The FTC—recognizing that many website and app developers may not understand the scope of the revised rule—recently released two new informational pieces to help small businesses. The first is a document that contains a step-by-step process that helps companies determine if they are covered by COPPA and, if so, what steps the companies must take to comply with COPPA. Specifically, the document proposes that companies:
- Step 1: Determine if they are a website or online service that collects personal information from kids under 13.
- Step 3: Notify parents directly before collecting personal information from their kids.
- Step 4: Get parents' verifiable consent before collecting information from their kids.
- Step 5: Honor parents' ongoing rights with respect to information collected from their kids.
- Step 6: Implement reasonable procedures to protect the security of kids' personal information.
The second new FTC resource is a video that explains how the revised rule differs from the original rule. This video is particularly useful for business that have complied with COPPA and that simply need clarification on additional obligations resulting from the revised rule.
This guidance from the FTC staff supplements earlier guidance provided in the FTC's April 25 FAQs. Although this information is non-binding, it provides very useful guidance regarding how the FTC staff, and ultimately the agency, intend to interpret and enforce the COPPA rule.