The Federal Trade Commission (FTC) has adopted final amendments to the Final Rule of the Children’s Online Privacy Protection Act (COPPA). After a two-year review process - in which MRA participated on behalf of the survey, opinion and marketing research profession - the FTC has finally updated COPPA in hopes of handling technical advances since the law's original passage. Research businesses must update their practices to accomodate these amendments. COPPA still applies to operators of websites or online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from under 13; website operators or online services must give notice to parents and obtain their verifiable consent before collecting, using or disclosing personal information. The amendments to the Final Rule will go into effect on July 1, 2013.
The FTC announced the amendments to COPPA to "strengthen kids’ privacy protections and give parents greater control over the personal information that websites and online services may collect from children under 13." Commissioner Rosch abstained from the vote and Commissioner Ohlhausen voted against the amendments.
The final amendment includes the following changes:
- Amends the list of “personal information” that cannot be collected without parental notice and consent to include: geolocation information , photographs and videos;
- Provides companies a voluntary, transparent and efficient process to obtain parental consent;
- Restricts the ability of apps and websites designed for kids to permit third parties to collect personal information from children through plug-ins without parental notice and consent;
- Expands the scope of COPPA compliance to third parties doing additional collection ;
- Expands the scope of COPPA to apply to persistent identifiers that recognizes users over time and across different websites or online services, such as IP addresses and mobile device IDs;
- Creates a requirement that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that have policies and are capable to keep personal information secure and confidential;
- Creates a requirement that covered website operators adopt procedures for data retention and deletion/destruction; and
- Strengthens the Commission’s oversight of self-regulatory safe harbor programs for COPPA.
The Final Rule also includes expanded clarifications and modified definitions to the following:
- website or online service directed to children;
- personal information;
- personal information requiring parental consent; and
- collection of personal information.
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.