COPPA Guidance Released to Help Businesses Keep Pace With Evolving Internet

Linda Goldstein
BakerHostetler
Contact
LinkedIn
Facebook
X
Send
Embed

BakerHostetler

FTC creates comprehensive six-step compliance plan

Changing Topography

The Children’s Online Privacy Protection Act (COPPA), enacted in 1998, created guidelines limiting the collection of personal information from children online. But 1998 was eons ago in Internet time; the online landscape has evolved and matured in ways that the authors of COPPA could never have anticipated. Because more users than ever, including children, provide information online in new and unanticipated ways, the FTC updated COPPA in July 2013.

To help businesses comply with COPPA in this ever-changing technological landscape, the Commission recently unveiled a new step-by-step plan to help businesses determine whether they are subject to COPPA and, if so, how to comply. The new guidance makes clear that the “website and online services” covered by COPPA are broadly defined to include mobile apps that send or receive information online, Internet-enabled location-based services, voice over Internet protocol devices, and connected toys or other Internet of Things devices.

KBA and FMVPI

The new guidance also introduces into the COPPA fold two relatively new methods for obtaining parental consent. Knowledge-Based Authentication (KBA) is a method that generates multiple-choice questions that significantly lower the chances that a child less than 12 years of age would be able to guess the answers and bypass parental consent. The second method, Face Match to Verified Photo Identification (FMVPI), compares a verified snapshot of the parent’s photo ID with a photo taken by the would-be user of their own face. A mismatch denies access to the user. Both KBA and FMVPI are now accepted by the FTC as COPPA-compliant consent technologies.

The Takeaway

The FTC’s new six-step compliance plan provides valuable advice to the business community regarding whether COPPA applies, and how to ensure compliance. Any business can use the plan to determine whether their company is subject to COPPA, to create a compliant privacy policy and to secure parental consent before gathering a child’s personal data. Exceptions to the guidelines are also covered. Businesses that collect personal information online should take advantage of this valuable resource.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:

BakerHostetler
BakerHostetler
Contact
more
less

BakerHostetler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide