What you need to know about the Children’s Online Privacy Protection Act amendments

To keep pace with rapidly evolving technology, the Federal Trade Commission (FTC) recently issued several important amendments to the Children’s Online Privacy Protection Act of 1998 (COPPA). All businesses that use social media, technology, and mobile applications should be aware of the new requirements, which became effective on July 1, and take steps to comply with them.

What is COPPA?

COPPA was enacted to ensure the privacy and security of children under 13 on the Internet and requires the FTC to issue and enforce various related regulations.

Who must comply with COPPA rules?

COPPA applies to all individuals or entities that: 1) collect, use, or disclose personal information online or through mobile technology and 2) direct their activities or services toward children or have actual knowledge that children under age 13 use their services (covered providers). Given that most businesses operate websites, mobile applications, and social media, COPPA may apply to a large number of individuals and entities. The FTC, in fact, has clarified that COPPA applies to a host of emerging technologies, including mobile technologies, ecommerce sites, and certain texting programs.

What does COPPA require?

COPPA requires all covered providers to:

• Maintain the confidentiality, security, and integrity of personal information they collect from children.
• Retain the information only for as long as necessary to fulfill the purpose for which the information was collected.
• Implement and post a clear and comprehensive online privacy policy that describes what they do with personal information they collect online from children.
• Provide tools to parents. This includes providing direct notice to parents and obtaining verifiable parental consent (with some limited exceptions) prior to collecting personal information online from children; allowing parents to prevent the disclosure of their child’s personal information to third parties; allowing parents to access their child’s personal information to review and/or have the information deleted; and providing parents with the opportunity to prevent further use or online collection of a child’s personal information.
• Allow children to use their websites/online services without providing any more information than is reasonably necessary to participate. Covered providers may not condition participation on providing more information than is necessary.

(Continued)

What do the new amendments change?

The new amendments clarify and streamline several of these requirements. Specifically, they:

• Expand the definition of “personal identification.”
• Clarify the definition of “directed to children.”
•  Ensure that parents receive easy-to-understand and timely notices.
• Take additional steps to ensure confidentiality and data security.
• Permit covered providers to participate in safe harbor programs.

Details concerning these amendments can be found here.

What are the consequences of noncompliance?

The FTC may levy fines of up to $16,000 for each violation of COPPA. While the FTC will not police every data-collection practice out there, it intends to aggressively enforce the amended rules in 2013 to protect the privacy of “the most vulnerable members of our society” — our nation’s children.

Mindi Giftos (mgiftos@whdlaw.com) and Benjamin Brunette (bbrunette@whdlaw.com) are attorneys with the technology law team at Whyte Hirschboeck Dudek S.C.

Click here to sign up for the free IB ezine – your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.