The revised COPPA rule addresses changes in the way children use and access the internet, including the increased use of mobile devices and social networking. The modified rule, approved by the Commission in December 2012, widens the definition of children’s personal information to include persistent identifiers such as cookies that track a child’s activity online, as well as geolocation information, photos, videos and audio recordings.
“At the FTC, protecting children’s privacy is a top priority,” said FTC Chairwoman Edith Ramirez, in a statement. “The updated COPPA rule helps put parents in charge of their children’s personal information as it keeps pace with changing technologies.”
The COPPA rule was mandated when Congress passed the Children’s Online Privacy Protection Act of 1998. It requires that operators of websites or online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from children under 13 give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information they collect from children.
To coincide with the amended COPPA rule taking effect, the FTC has also continued five safe harbor programs, whose guidelines now reflect the modified rule. Under COPPA, safe harbor status allows certain organizations to create comprehensive self-compliance programs for their members. Companies that participate in a COPPA safe harbor program are generally subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and enforcement. COPPA safe harbor programs are offered by Aristotle International, Inc., the Children’s Advertising Review Unit of the Council of Better Business Bureaus, ESRB Privacy Online, PRIVO and TRUSTe.
The FTC has also released two new pieces designed to help small businesses that operate child-directed websites, mobile applications and plug-ins ensure they are compliant with upcoming changes to the rule. The first is a document, “The Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business", which is designed especially for small businesses and contains a step-by-step process for companies to determine if they are covered by COPPA, and what steps they are required to take to protect children’s privacy. The FTC also released a video aimed at businesses outlining their obligations under the revised rule, including an explanation of the changes.
Also, the FTC has updated a guide for parents, “Protecting Your Child’s Privacy Online,” that explains what COPPA is, how it works and what parents can do to help protect their children’s privacy online.