FTC Press Release:
The Federal Trade Commission’s revised Children’s Online Privacy Protection Act Rule took effect today, giving parents greater control over the online collection of their children’s personal information. The revised COPPA rule culminates more than two years of review by the agency to modernize the rule.
The revised COPPA rule addresses changes in the way children use and access the Internet, including the increased use of mobile devices and social networking. The modified rule, approved by the Commission in December 2012, widens the definition of children’s personal information to include persistent identifiers such as cookies that track a child’s activity online, as well as geolocation information, photos, videos, and audio recordings.
“At the FTC, protecting children’s privacy is a top priority,” said FTC Chairwoman Edith Ramirez. “The updated COPPA rule helps put parents in charge of their children’s personal information as it keeps pace with changing technologies.”
The COPPA rule was mandated when Congress passed the Children’s Online Privacy Protection Act of 1998. It requires that operators of websites or online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from children under 13 give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information they collect from children.
To coincide with the amended COPPA rule taking effect, the FTC has also continued five “safe harbor” programs, whose guidelines now reflect the modified rule. Under COPPA, safe harbor status allows certain organizations to create comprehensive self-compliance programs for their members. Companies that participate in a COPPA safe harbor program are generally subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement. COPPA safe harbor programs are offered by Aristotle International, Inc., the Children’s Advertising Review Unit of the Council of Better Business Bureaus, ESRB Privacy Online, TRUSTe, and Privo, Inc.
The FTC has also released two new pieces designed to help small businesses that operate child-directed websites, mobile applications and plug-ins ensure they are compliant with upcoming changes to the rule.
The first is a document, “The Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business, which is designed especially for small businesses and contains a step-by-step process for companies to determine if they are covered by COPPA, and what steps they are required to take to protect children’s privacy. The FTC also released a video aimed at businesses to help explain their obligations under the revised rule, including an explanation of the changes.
Finally, the FTC has updated a guide for parents, “Protecting Your Child’s Privacy Online,” that explains what COPPA is, how it works and what parents can do to help protect their children’s privacy online.
These new documents provide guidance from the FTC staff that supplements the rule and other COPPA–related material previously published by the FTC, including an updated set of frequently asked questionsabout the rule. FTC staff will periodically update the FAQs.
In addition to the guidelines and frequently asked questions, FTC staff maintain a “COPPA Hotline” email address, COPPAHotLine@ftc.gov, where industry members can send questions on how to ensure they are compliant with the rule. Comments on the FAQs or suggestions for new FAQs may also be submitted through the COPPA Hotline email address.