McAfee & Taft tIPsheet - March 2013: FTC amends Children’s Online Privacy Protection Rule

more+
less-

On December 19, 2012, the Federal Trade Commission amended the Children’s Online Privacy Protection Rule to be consistent with the requirements of the Children’s Online Privacy Protection Act. The amendments to the COPPA Rule will go into effect July 1, 2013. Under COPPA, child-directed website or service operators must first obtain parental consent before collecting personal information from children under 13. The goals of COPPA are to minimize the collection of personal information from children and to create a safer and secure online experience for children.

The amendments to the COPPA Rule address several loopholes that were exploited in the past. The amendments update and streamline current procedures, as well as modify and expand the definitions of key terms such as operator, personal information, and website or online service directed to children.

In the past, website operators exploited a loophole in COPPA by having third parties collect the personal information, thus avoiding the parental consent requirements. The amendment now applies responsibility of obtaining parental consent to website operators when a third party is performing the collection of the personal information, even if the third party lacks actual knowledge of the child-directed content.

The modified definitions of terms such as operator and website or online service directed to children will now cover operators of child directed sites or services that integrate outside services such as plug-ins and add-on service providers. Under the new definitions, the plugin operators and add-on service providers are deemed to be an online service directed to children and must comply with COPPA if they have actual knowledge that personal information is being collected directly from children users of another website or online service directed to children.

The definition of personal information is updated to reflect current technology by including geolocation information and persistent identifiers, such as cookies and IP addresses, that can be used to recognize a user over time and across different websites or online services.

Violations of the COPPA Rule can carry a fine of up to $11,000 per violation. If COPPA currently does not apply to you or your business, you should check your current practices to see how the amended COPPA Rule could affect you.