skip to main content

Publications

Amended Rule for the Children's Online Privacy Protection Act Takes Effect
July 1, 2013

June 26, 2013

On July 1, 2013, the newly amended rule implementing changes to the Children’s Online Privacy Protection Act (“COPPA”) takes effect. The primary purpose of COPPA is to put parents in control of information collected online from their children under the age of 13. Among other things, the new rule expands the scope of entities that are required to comply with COPPA and expands the scope of the type of ‘personal information’ that may not be collected from children under 13 without parental consent.

Under the new rule, COPPA will apply to (1) operators of commercial websites and online services (including mobile apps) that are directed at children under 13 and collect, use or disclose children under 13’s personal information; or (2) operators of general audience websites who (a) have actual knowledge that they are collecting, using or disclosing children under 13’s personal information, or (b) have actual knowledge that they are collecting children under 13’s personal information directly from users of another website or online service directed at such children.

Further, the definition of ‘children’s personal information’ has been expanded. Under the new rule ‘personal information’ includes first and last name; home or other physical address including street name or name of a city or town; online contact information; a screen or user name that functions as online contact information; phone number; social security number; persistent identifier that can be used to recognize a user over time and across different websites or online services; a photo, video, or audio file if that file contains a child’s image or voice; geo-location information sufficient to identify the street name and name of a city or town; or information concerning the child or the parents of the child that the operator collects online from the child and combines with an identifier described above.

Under the rule, operators of websites and online services covered by the rule must:

  1. Post a clear and comprehensive online privacy policy;
  2. Provide direct notice to parents and obtain verifiable consent before collecting their children’s personal information online;
  3. Give parents the choice of consenting to the operator’s collection and internal use but prohibiting disclosure to third parties;
  4. Provide parents access to their children’s personal information to review and have information deleted;
  5. Give parents the opportunity to prevent further use or collection online of their child’s personal information;
  6. Properly maintain the confidentiality, security, and integrity of information collected; and
  7. Retain collected information for only as long as necessary to fulfill the purpose for which it was collected and then properly delete the information.

Recently, to assist the online business community, the Federal Trade Commission (FTC) issued Frequently Asked Questions (FAQs) on its website containing guidance for operators of commercial and social networking sites and other online service providers, including mobile apps. 

Given the complexity of the new rule and the FTC’s current posture regarding COPPA enforcement, operators of websites or online services that collect the personal information of children should consider consultation with legal counsel to evaluate what their obligations are under COPPA.

If you have any questions, please contact Cathy Intravia at (860) 251-5805 or cintravia@goodwin.com.

 



© Shipman & Goodwin LLP, 2017. All Rights Reserved.