COPPA Update: FTC Changes Rules Protecting Children Online (Again)

The ink was barely dry on the Federal Trade Commission’s latest set of proposed changes to the Children’s Online Privacy Protect Act – or COPPA – when the agency announced another round of revisions.

Why the change? The business community spoke up, and the FTC listened. From law firm BuckleySandler:

“In September 2011, the FTC sought comments on certain proposed changes to its COPPA Rule. In response to the hundreds of comments received, as well as subsequent efforts to enforce the rule, the FTC now is proposing to modify certain definitions to enhance protections related to the online collection, use, or disclosure of children’s personal information.” (FTC Considers Additional Revisions to Children’s Online Privacy Protection Rule)

The latest revisions mean that publication of the final rules will be delayed to get additional input from the public (comments are due by on September 10). In the meantime, three takeaways:

1. Even more business are subject to COPPA rules

“…the FTC proposes to modify the definition to include operators of websites where personal information is collected or maintained on behalf of an operator, and ‘in the interest of, as a representative for, or for the benefit of’ the operator. If adopted, this definitional change will mean operators of child-directed sites or services that choose to integrate services of others that collect personal information from visitors would be subject to the parental notice and consent requirements applicable to a covered ‘operator’ under the COPPA Rule.” (FTC Proposes Revised Definitions for Its Previously Proposed COPPA Rule Changes by Davis Wright Tremaine LLP)

2. More websites will need to screen for users under 13

“The FTC is also proposing to allow websites with mixed audiences (e.g., parents and over 13) to age-screen visitors to provide COPPA’s protections only to those under 13. However, kid-directed sites or services that knowingly target under-13s as their primary audience or whose overall content is likely to attract kids under that age could not use that method.” (FTC Proposes New Rules on Children’s Online Privacy Issues by Ifrah Law)

3. IP addresses and other unique identifiers will be considered “personal information”

“Commenters to the FTC’s September proposal also objected that the proposed definitions of ‘persistent identifier’ and functions that support ‘the internal operations of the site or service’ were not sufficiently clear. The FTC has responded with new proposed definitions: one that expressly defines a ‘persistent identifier’ as an identifier ‘used to recognize a user over time, or across different websites or online services;’ and another that defines the activities that qualify as ‘support for the site’s or service’s internal operations’ (and that therefore do not trigger COPPA’s obligations)…” (FTC Proposes Further Significant Changes to Its COPPA Rule by Morrison & Foerster LLP)

See also:

Follow @Privacy_Law updates on Twitter>>