Mobile Apps and Websites Face New COPPA Requirements Starting July 1


In one month, on July 1, 2013, the Federal Trade Commission’s most recent amendments to its Children’s Online Privacy Protection Act Rule (“COPPA Rule”) will go into effect. These changes include a variety of requirements intended to keep up with advances in technology and how children interact with mobile apps and websites. The amendments to the COPPA Rule are primarily focused on the collection of personal information from children under the age of 13, and include changes to the types of information covered by the rule, the methods for obtaining parental consent for collection of personal information, and additional restrictions on how that personal information can be shared among companies who use such information in their business. The amendments to the COPPA Rule:

  • modify the list of personal information that cannot be collected without parental notice and consent, which includes geolocation information, photos, videos and audio files that contain a child’s image or voice;
  • establish a “streamlined” approval process for proposed new methods for obtaining parental consent;
  • require parental consent where the app or website allows third parties to collect personal information from children through plug-ins, and in some cases require those third parties to comply with COPPA as well;
  • extend COPPA to cover persistent identifiers (such as IP addresses and mobile device IDs) which recognize users over time and across different services or websites;
  • increase data security protection by requiring operators of apps and websites to take steps to release children’s personal information only to other companies that can keep that information secure and confidential;
  • require that app and website operators adopt reasonable procedures for data retention and deletion; and
  • provide increased FTC oversight concerning self-regulatory safe harbor programs.

The new requirements imposed by the amendments will no doubt require some app and website operators to modify their business practices to comply with the COPPA Rule. These amendments close several loopholes and clarify previously gray areas regarding the types of operators, services and personal information that fall within the Rule’s ambit. For apps and websites clearly directed to children under 13, the amendments provide an enhanced set of protections that appear to further COPPA’s overarching goal of creating a safer and more secure online experience for children.

A bit murkier is the effect of the amendments regarding apps and websites that cater to a more general audience. The amended COPPA Rule employs an “actual knowledge” standard, and requires compliance with its requirements when an operator or service provider has actual knowledge that they are collecting personal information through a child-directed app or website. Apps and websites that target a more general audience, where children are not the primary users, are only required to provide notice and obtain parental consent for those users who identify themselves as being younger than 13. Further, third parties (like plug-ins and ad networks) will be deemed to have the requisite “actual knowledge” if the child-directed nature of the content is directly communicated to that third party by the content provider, or if a representative of the third party service “recognizes” the child-directed nature of the content.

Time will tell how these and other issues potentially created by the new amendments to the COPPA Rule will play out. But for now, given the continuing exponential growth in the number of children using computers and mobile devices for education and entertainment, every app and website operator must take notice of the Rule’s new requirements. App and website operators must ensure that their practices, and the practices of the third parties they have integrated or with whom they share user’s personal information, are updated to comply with the new COPPA Rule once it takes effect on July 1.

Written by:


BakerHostetler on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.