The Federal Trade Commission voted unanimously this week to keep the July 1, 2013, compliance date for the new COPPA Rule. Representatives from several industry groups had asked the FTC to delay the compliance date to give businesses more time to make the changes necessary to comply with the new Rule. However, in a letter to these representatives, the FTC explained that businesses have been able to follow the rulemaking process for the past three years and that the new Rule was announced in December 2012, leaving companies six months to study the new Rule and make any necessary changes.
The FTC also stated that "the Commission will exercise prosecutorial discretion in enforcing the Rule, particularly with respect to small businesses that have attempted to comply with the Rule in good faith in the early months after the Rule becomes effective. Further, the Commission follows a policy for reducing, or in appropriate circumstances waiving, civil penalties for violations of a statutory or regulatory requirement by a small entity."
The FTC reminded businesses that it has set up a hotline at CoppaHotLine@ftc.gov so that businesses can ask specific questions about the new Rule and recently updated its COPPA FAQs to include information about the new Rule.
We summarized the new Rule in a previous Alert.
California Considering a Bill Requiring Removal of Personal Information from Children's Social Media Accounts
The California Senate has approved Senate Bill 501, which, if enacted, would provide significant fines for social networking sites that fail to remove the personal information of a child within 96 hours of receiving such a request. The bill provides that "a social networking Internet Web site shall remove the personal identifying information of a registered user in a timely manner upon his or her request. In the case of a registered user who identifies himself or herself as being under 18 years of age, the social networking Internet Web site shall also remove the information in a timely manner upon the request of a parent or legal guardian of the registered user."
A request submitted by a registered user must include sufficient information to verify the identity of the user and must specify any known location of the information that is the subject of the request.
A social networking site that willfully and knowingly violates any provision of the bill would be liable for a civil penalty of up to $10,000 for each violation.
"Personal identifying information" is defined as a person's address, telephone number, driver's license number, state identification card number, Social Security number, employee identification number, mother's maiden name, demand deposit account number, savings account number, or credit card number. "In a timely manner" is defined as within 96 hours of delivery of the request.
According to the Los Angeles Times, several companies, including Google, Zynga, and Tumblr, oppose the bill and sent a letter to the bill's sponsor, calling the proposal unnecessary, unworkable, and in violation of teenagers' free-speech rights. The bill now goes to the California State Assembly.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.