Children’s Advocates File Request to Supplement FTC COPPA Proceeding; FTC Extends COPPA Comment Deadline

Published On August 28, 2012 | By Melissa Maalouf | General, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On 8/22, the Center for Digital Democracy (“CDD”) and a group of children’s advocate groups sent a letter to the FTC seeking to supplement the record in the FTC’s Children’s Online Privacy Protection Act (“COPPA”) proceeding.   In the letter, the advocates alleged that child-directed websites sometimes use “refer-a-friend” marketing programs to place third-party cookies on children’s computers and to collect and store photographs of children.

The advocates explained that some companies, including McDonald’s on its website, use refer-a-friend programs to encourage children using their websites to provide email addresses of their friends, and then use those email addresses to send viral marketing messages.  The advocates alleged that often times the companies collect other information of a sensitive nature from children in connection with the requests, such as photographs of the child sending the message, and that some also place tracking cookies that can be used for behavioral advertising purposes on the computers of children who send and receive these messages.

The advocates explained that the collection and use of children’s photographs by a growing number of companies in connection with refer-a-friend programs highlights the need to promptly update the COPPA Rule per the FTC’s proposal by including photographs under the definition of personal information.  They argued that this change is especially needed since photographs often contain information, such as geolocation data, that permits physical or online contact with children.  The advocates also noted that the tracking of children’s Internet activity through cookies and persistent identifiers for the purpose of behavioral targeting is at odds with COPPA.  They therefore urged the FTC to promptly revise the COPPA Rule to clarify that this activity is prohibited unless the operator first provides notice and obtains verifiable parental consent.

In addition to seeking to supplement the COPPA record, the letter also contained a request for the FTC to investigate five companies (McDonald’s, General Mills, Doctor’s Associates, Viacom, and Turner Broadcasting) that the advocates alleged are using refer-a-friend programs to collect personal information from children on children’s websites without providing notice and obtaining advance parental consent required by COPPA.  Specifically, the advocates alleged that these companies do not provide sufficient notice of or obtain parental consent prior to collecting and using children’s email addresses, and that the collection of email addresses from children for viral marketing campaigns does not fall within any of the recognized COPPA exceptions.  They also argued that the companies do not use refer-a-friend programs in accordance with the FTC’s COPPA FAQ 44 regarding the sending of electronic postcards.  Since the advocates believe that companies have been using FAQ 44 to collect information from children in connection with electronic postcards in violation of COPPA, they also urged the FTC to rescind or clarify the guidance in that FAQ.

Following the receipt of the letter, on 8/27, the FTC announced that it is extending until 9/24 the deadline for receiving public comments in response to its Supplemental Notice of Proposed Rulemaking on revising the COPPA Rule issued on 8/1.

About The Author

Melissa Maalouf’s practice focuses on advising a broad range of clients, from start-ups to established companies, on both U.S. and international data privacy and security issues. Melissa assists clients in drafting appropriate website disclosures, implementing legally-compliant e-commerce flows, responding to FTC Section 5 and state AG enforcement actions, analyzing advertising claims, and children’s online privacy and safety issues. She also regularly helps clients obtain certification under the EU-US Safe Harbor and navigate compliance with divergent international privacy laws.