United States: New Children’s Online Privacy Protection Rules Impose Heightened Compliance Standards on Website and Software Application Operators

Effective July 1, 2013, recently enacted Federal Trade Commission (FTC) regulations will impose greater obligations on website operators and online service providers under the Children's Online Privacy Protection Act (COPPA). This is the first revision to the COPPA regulations in over 10 years. COPPA already imposes certain parental consent requirements for website operators collecting personal information online from children under the age of 13. The new regulations extend compliance obligations to website owners and online software application providers, including mobile applications, not previously covered by COPPA and its existing regulations.

The new rules also broaden the definition of "personal information" from basics such as names and home addresses to include less obvious identifiers, such as certain screen names, particular geo-location information, audio-visual materials featuring a child's image or voice, and some uses of persistent identifiers, such as customer numbers held in cookies, selected uses of IP addresses, and certain uses of unique device identifiers including those contained in cell phones.

Also under the new rules, a child-directed content provider will be responsible for personal information collected from children by third parties who provide services through the operator's website or application, if the third party has not already obtained proper parental consent. For example, integrated plug-ins (like third-party video players), ad networks, and other online services will be of particular concern for website owners under the new rules. Since the FTC can issue civil fines up to $16,000 for each violation and obtain injunctive relief to enforce its rules, website and online service operators should, to be safe, review not only their own data collection policies, but also policies used by third parties whose content or programs can be accessed from their sites and services.

Companies that may be affected by the newly revised rules should consult with knowledgeable counsel to review the ways they collect or use such information and determine whether parental consent is required in their particular circumstances. As a further aid, the FTC recently published a series of frequently asked questions to aid in the interpretation and implementation of the newly revised rules, which are available at http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.