Category: National News

Washington, DC - The FTC adopted final amendments to the Children’s Online Privacy Protection Rule on December 19, 2012, just over two years ago. The amendments strengthened kids’ privacy in several ways.

Just a few examples: adding photos, videos, kids’ voices, and persistent identifiers to the list of “personal information” that can’t be collected without parental notice and consent; ensuring that kid-directed apps and websites aren’t letting third parties collect personal information from kids through plug-ins without parental notice and consent; beefing up data security protections; and increasing the FTC’s oversight of self-regulatory safe harbor programs.

So what’s happened since the amended Rule took effect on July 1, 2013?  A lot.

Safe Harbors and Verifiable Parental Consent Methods.  All told, Commission-approved Safe Harbors have over 140 members with more than 1100 sites and apps. In the past 18 months, we’ve reviewed existing Safe Harbors to see how they’ve incorporated changes to COPPA and answered their questions to help them guide their members. We’ve also reviewed applications for two new Safe Harbor programs and four proposed verifiable parental consent methods. For each application, we’ve reviewed public comments and provided a written determination. Through this process, the Commission approved two new safe harbors, KidSafe and iKeepSafe, and a new verifiable parental consent method involving knowledge-based authentication. One application is pending.

Guidance.  Companies asked for more guidance on implementing the amendments to COPPA and we followed through in four ways:

Law enforcement.  The focus on education and outreach hasn’t changed the FTC’s long-standing emphasis on enforcement. The Commission settled two cases in 2014 that demonstrates the importance of COPPA compliance in the mobile space. Actions against TinyCo and Yelp demonstrate our commitment to challenging COPPA violations both by services directed to children and by general audience services with actual knowledge that they’re collecting personal information from children. Further evidence of that commitment: a December 22, 2014, staff warning letter to a China-based developer of child-directed apps that may be collecting geolocation information. 

But to get a complete picture of the FTC’s efforts to ensure COPPA compliance, it’s important to consider the numerous non-public inquiries we’ve undertaken to determine if websites and apps are honoring their legal obligations. We learned that where there’s smoke, there isn’t always fire.  For example, in the course of our behind-the-scenes efforts, we’ve come across audio apps that actually obscure the voices they collect, photo apps where the pictures remain on the device and don’t transmit through the app, apps using persistent identifiers for support for internal operations, and sites that get parental consent. But even when an inquiry doesn’t end with law enforcement, we think our investigations encourage COPPA compliance.

The Commission’s Safe Harbors have been busy monitoring their members as well.  Safe Harbor annual reports reveal that from July 2013 to July 2014, Safe Harbors identified dozens of COPPA issues and required their members to correct them.

All of these aspects of the FTC’s COPPA program – Safe Harbors, guidance, and law enforcement – work together to help protect children’s privacy. We’ve done a lot since the Commission adopted the amended Rule two years ago, but an anniversary isn’t an end.  We’re committed to continued cooperation with Safe Harbors, additional guidance to help businesses, and rigorous law enforcement.

That’s a recap of what we’ve been up to.  What’s it all mean for your company?

  1. If you haven’t given COPPA much consideration since the revised Rule took effect in 2013, it may be time for a compliance check-up. As recent law enforcement actions demonstrate, changes to your website or modifications to the functionality of your apps could have unintended COPPA consequences.
  2. How can you get your COPPA questions answered?  Our Six-Step Compliance Plan is the best place to start.  Experienced COPPA hands can consult the FAQs for in-depth advice.  And subscribing to the Business Blog is easy way to stay current.
  3. Have you considered if Safe Harbor membership is appropriate for your business?  Of course, there’s no one-size-fits-all approach to COPPA, but many companies have found that Safe Harbor membership helps to streamline compliance.