FTC Proposes Major Amendments to COPPA Regulations

 

Comments due November 28, 2011

http://www.lermansenter.com/i/leventhal-logo-new.jpg

The Federal Trade Commission recently proposed several significant amendments to regulations implementing the Children’s Online Privacy Protection Act of 1998 (COPPA) that may impact radio, television and other media companies.  COPPA generally prohibits the online collection of personal information from children under the age of 13 without verifiable parental consent.  The FTC’s regulations also impose requirements on website or online services directed to children under the age of 13, and on operators of general audience websites or services that have actual knowledge that they are collecting personal information from children.  The proposed amendments are a result of the FTC’s review of its COPPA rules, which recognized advances in technology, the proliferation of internet-based mobile devices, and the increased use of Facebook and other social networking platforms by children.

The proposed amendments affirm that COPPA applies to websites, online services, and internet-based mobile applications and devices.  Several of the proposed changes, if adopted, will affect the development and use of mobile applications and services, as well as the implementation of online targeted or behavioral advertising.  For example, the FTC proposes to modify the definition of “personal information” subject to COPPA to include persistent identifiers such as an Internet Protocol address, cookies, a processor or device serial number, unique device IDs, and any “identifier that links the activities of a child across different websites or online services.”  These would be considered stand-alone categories of personal information, even though not linked to other identifying or contact information such as a name or email address, unless used solely for the maintenance of website or online service technical functionality.  The FTC is concerned that such information could be used to contact the child associated with it.  Additional proposed stand-alone categories of personal information that could be used to identify or contact a child include a user’s screen name (unless solely used for internal operations) and geolocation information.  Most smartphone devices and apps have geolocation tracking capacity as part of the operating technology.

Photographs, video, or audio files of a child’s image or voice are currently defined as personal information only when they are combined with other information that permits physical or online contacting of a child, such as an email or postal address.  However, the FTC recognized that photos may contain embedded geolocation data and that recent online technology allows for facial recognition in photos and videos, thus creating increased privacy risks for minors.  Therefore, the FTC has proposed to expand the definition of personal information to also encompass photos, video, and audio files posted by a child that include a child’s image or voice.  Expanding the definition in this manner would have ramifications for a radio or TV station’s website or social networking platform such as Facebook, and could affect station contests or promotions that are targeted to children and involve the posting of photos and videos.

In addition, the FTC has proposed to expand the definition of “collects or collection” to cover the online collection of personal information not only when an operator expressly requests such information, but also when the operator merely prompts or encourages a child’s submission of such information.  The proposed amendments also expand the definition of websites or online services “directed to children” to include musical content, child celebrities, and celebrities who appeal to children among the various indicia of child-directed content.  The current definition is based on a “totality of circumstances” test, which also includes factors such as audience composition, the presence of animated characters, or prizes that appeal to children.

The FTC also proposes new mechanisms for securing verifiable parental consent and the elimination of one current form of securing consent from a parent prior to the collection of any information from a child.  At present, parental consent is verifiable on a sliding scale subject to how a website operator or online service provider will use information collected, and whether the child’s information is disclosed to the public or a third party.  The FTC proposes to eliminate the “email plus” form of consent, in which a parent receives an email notice from the operator (plus an additional verification step, such as a follow-up email) seeking consent to collect the child’s personal information for internal purposes only.  The FTC found that email plus has become less reliable in verifying a parent’s identity.  The proposed new forms of verifiable consent include scanned versions of signed parental consent forms, the use of video conferencing, and the collection of some form of government-issued identification (such as driver’s license number or the last four digits of a parent’s social security number), with adequate security measures.

If you would like to file comments with respect to the proposed amendments by the November 28, 2011 deadline, or have any other questions about the amendments or compliance with COPPA in general, please contact S. Jenell Trigg at strigg@lermansenter.com, or 202.416.1090, or any other attorney in our office.

October 31, 2011 

 

Follow Lerman Senter on Twitter

 

This memorandum is intended only as a general discussion of these issues and should not be regarded as legal advice.

We would be pleased to provide additional details or advice about specific situations if desired.

Copyright © 2011, Lerman Senter PLLC

2000 K Street NW, Suite 600 | Washington, DC 20006-1809
tel. 202.429.8970 | fax 202.293.7783 | www.lermansenter.com

To Unsubscribe: Unsubscribe  |   To Update Client Info: Update Client Info