Today’s Business Blog post is brought to you by the letters C-O-P-P-A. If your website or online service is covered by the Children’s Online Privacy Protection Act, you’re readying your business for the changes that go into effect on July 1, 2013. For the benefit of those looking for a compliance refresher, the FTC just sent out letters to more than 90 companies that may be affected by the revision to the Rule.
The letters went to businesses in the U.S. and abroad whose online services – including mobile apps – appear to collect personal information from kids under 13. If you or your clients got a letter: Relax. They’re not an official FTC evaluation of the company’s practices. But they should serve as a reminder that now’s the time for a COPPA check-up.
Under the revised Rule – which the FTC announced in December 2012 – the definition of “personal information” has been expanded to include photos, videos, and audio recordings of children. Also covered: persistent identifiers that can recognize users over time and across different websites and online services. Persistent identifiers can range from online user names to cookies or mobile device ID numbers.
If your app collects, stores or transmits this information or other personal data already covered by COPPA (for example, a child’s name or address), you first need to get parental consent. In addition, companies must see to it that any third party receiving the information can keep it secure and confidential – and can abide by new rules affecting how the information is stored and retained.
Remember: COPPA applies not only to information collected by an app itself, but also to information collected by third parties, like advertising networks within an app.
Even if your clients didn’t get a letter from the FTC, it’s helpful to see what the FTC is saying to recipients. The FTC sent one letter to U.S. companies that may be collecting images or sounds of children and another letter to U.S. companies that may be collecting persistent identifiers from kids. Similar letters about kids’ images or sounds and persistent identifiers went to foreign companies whose content is directed to children in the U.S.
Consider following the example of other savvy businesses and assign knowledgeable staff to oversee how your company is implementing the changes to COPPA. Lots of help is available, including the FTC’s just-updated Complying with COPPA: Frequently Asked Questions. Send other questions to COPPAHotLine@ftc.gov.