The U.S. Federal Trade Commission recently updated the rule for
children's online privacy protection, expanding a
business's obligations and accountability for online data
The U.S. federal law known as the Children's Online Privacy
Protection Act (COPPA), 15 U.S.C. §§ 6501-6508,
requires that commercial website and online service operators
provide parental notification and obtain verifiable parental
consent prior to collecting personal information from children
under 13. (Note: all references to
"children" hereinafter refer to children under 13.)
After COPPA was enacted in 1998, the Federal Trade Commission (FTC)
promulgated the Children's Online Privacy Protection Rule (the
COPPA Rule), 16 C.F.R. Part 312, to implement COPPA.
In 2010, the FTC began the process of updating the COPPA Rule to
address changing technology in the way information about children
is collected online, including the increased use of mobile devices
and social media. After seeking and considering several
rounds of public comments, the FTC adopted the amended COPPA Rule
on December 19, 2012. The amended COPPA rule, which will take
effect on July 1, 2013, makes several notable changes:
Expands the definition of "personal information" to
include geolocation information, a child's photo or audio or
video file, screen or user names, and persistent identifiers
(e.g., a customer number held in a cookie, an IP address,
a unique mobile device ID, etc.) that can be used to identify a
user over time and across different websites or online
Holds an online service operator liable for third-party
collection of personal information on its platform, if the third
party is acting on behalf of the operator (e.g., as an
agent or service provider) or if the operator benefits by allowing
the third party to collect information from users on its
Makes a party (e.g., a software plug-in or an ad
network) that collects information on another's platform liable
under COPPA, if that party has actual knowledge it is collecting
personal information on a children-directed platform
Further clarifies the test for determining whether an online
service is children-directed (which remains a highly fact-specific
inquiry that depends on the totality of the circumstances)
Adds an age-screening safe harbor for online services that fit
the "directed to children" criteria, but do not target
children as their primary audience
Streamlines what disclosures need to be made in an online
regarding its information practices with respect to children
Expands acceptable methods for obtaining verified parental
With these changes, the amended COPPA Rule enhances online
privacy protection for children and makes online service operators
more accountable for data collection activities involving
children. To ensure compliance with the amended COPPA Rule,
online service operators—including websites, mobile app
operators, social media plug-in providers and ad
networks—need to evaluate their data collection activities
with respect to children, including third-party activities on their
platforms as well as their activities on third-party platforms.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first ever settlement related to a Covered Entity's untimely breach notification in violation of HIPAA.
Shortly before the New Year, the United States Attorney for the Southern District of New York unsealed an indictment against three Chinese hackers who allegedly stole information from two prominent U.S. law firms.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).