Last month, the Federal Trade Commission issued updated guidance designed to assist businesses comply with the Children’s Online Privacy Protection Act.
Specifically, the guidance reflects developments in the marketplace. It clarifies who is covered by and required to comply with COPPA.
The guidance also clarifies how companies may obtain parental consent.
In a six-step compliance plan, the agency outlines a six-step compliance plan and provides a chart setting-forth limited exceptions to COPPA’s verifiable parental consent requirement.
- Step 1: Determine if your company is a website or online service that collects personal information from kids under 13.
- Step 3: Notify parents directly before collecting personal information from their kids.
- Step 4: Get parents’ verifiable consent before collecting personal information from their kids.
- Step 5: Honor parents’ ongoing rights with respect to personal information collected from their kids.
- Step 6: Implement reasonable procedures to protect the security of kids’ personal information.
What’s new in the FTC’s updated COPPA compliance plan?
New business models.
Technologies continue to evolve, as do methods that are used to collect data. The FTC cites to voice-activated devices that collect personal information.
COPPA applies not only to websites and mobile apps. It also applies to connected devices that make up the Internet of Things. That includes connected toys and other products intended for children that collect personal information, like voice recordings or geolocation data.
New methods for getting parental consent.
Obtaining parents’ permission prior to collecting personal information online from kids under 13 is a key component of COPPA. The revised compliance plan discusses two newly-approved methods for getting parental consent: asking knowledge-based authentication questions and using facial recognition to obtain a match with a verified photo ID.
Contact an FTC defense lawyer if you would like to discuss the Commission’s updated COPPA compliance guidance, or if you are the subject of a local, state attorney general, or federal regulatory matter.
Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.
ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.