FTC Releases Long-Awaited COPPA FAQs

Published On April 26, 2013 | By Melissa Maalouf | Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

The FTC released its revised COPPA FAQs, which companies have been eagerly awaiting since the release of the FTC’s revised COPPA Rule in December 2012. The FTC’s press release issued in connection with the revised FAQs explains that the document is intended to serve as guidance to supplement the Rule and other COPPA-related material previously published by the FTC.

Some of the highlights of the revised FAQs involve providing information about:

  • What type of notice and choice companies are required to give for information previously collected from children that was not considered personal information under the old Rule but is considered personal information under the new Rule.
  • The specific information that must be included in the direct notice to parents depending on the circumstances surrounding why the operator is providing the direct notice.
  • How websites with services that are directed to children, but not primarily directed to children, can implement age-screening mechanisms.
  • The circumstances under which third parties will be held to have “actual knowledge” that they have collected personal information from children on another website.
  • First party operators’ duties with respect to informing third parties about the child-directed nature of their website, and first party operators’ duties to determine the information collection practices of all third parties collecting information on their sites.
  • The new parental consent mechanisms provided in the new Rule.
  • Whether mobile app providers can rely on a parent’s app store account to serve as verifiable parental consent.
  • What activities fall under the “internal operations” exception to the new rule, and whether such exceptions apply to both first parties and third parties.
  • The obligations that a third party has after discovering that it has been collecting information via a child-directed service.
  • Implementing COPPA protections in schools.

In addition to the FAQs, the FTC also maintains a “COPPA Hotline” email address, COPPAHotLine@ftc.gov, where companies can send questions regarding compliance with the Rules. The new rules are set to go into effect on July 1, 2013, although a number of industry groups recently sent a letter to the FTC asking for a 6-month extension due to the short implementation timeline and given that the FAQs were only released 2 months prior to the deadline.


About The Author

Melissa Maalouf’s practice focuses on advising a broad range of clients, from start-ups to established companies, on both U.S. and international data privacy and security issues. Melissa assists clients in drafting appropriate website disclosures, implementing legally-compliant e-commerce flows, responding to FTC Section 5 and state AG enforcement actions, analyzing advertising claims, and children’s online privacy and safety issues. She also regularly helps clients obtain certification under the EU-US Safe Harbor and navigate compliance with divergent international privacy laws.