By Nathan Martin
July 1, 2013
New regulations from the Federal Trade Commission go into effect today, seeking to give parents greater control over how websites and online services collect information on children. Modifying the Children’s Online Privacy and Protection Act (COPPA), originally passed in 1998, the new rule strengthens existing protections and modernizes the requirements and expectations placed upon websites and app developers.
With the continual evolution of the internet, websites and apps are changing the way information is collected. As children engage with technology and the role of digital learning expands, it is crucial that thoughtful law and policy keeps up. Under this Rule, operators of websites or online services directed to or knowingly used by children under the age of 13 years must follow a number of special steps aimed at protecting children’s privacy.
The final amendments to this rule are:
- modify the list of “personal information” that cannot be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos;
- offer companies a streamlined, voluntary and transparent approval process for new ways of getting parental consent;
- close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent;
- extend coverage in some of those cases so that the third parties doing the additional collection also have to comply with COPPA;
- extend the COPPA Rule to cover persistent identifiers that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs;
- strengthen data security protections by requiring that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential;
- require that covered website operators adopt reasonable procedures for data retention and deletion; and
- strengthen the FTC’s oversight of self-regulatory safe harbor programs.
Sara M. Grimes provides excellent background of COPPA and an overview of the new rule over at the Joan Ganz Cooney Center.
As penalties for violations of COPPA can be steep, it is crucial for private companies, especially startups, to understand how their data collection practices fit underneath the new law.
Make sure to check out the FTC’s site on children’s privacy, including a briefing on compliance for websites and developers as well as information for parents and privacy groups.
Specific publications include:
- Children’s Online Privacy Protection Rule: Not Just for Kids’ Sites
- Complying with COPPA: Frequently Asked Questions
- Marketing Your Mobile App: Get It Right from the Start
Nathan Martin serves as the State Policy Director for Digital Learning Now!.