The FTC released its revised COPPA FAQs, which companies have been eagerly awaiting since the release of the FTC’s revised COPPA Rule in December 2012. The FTC’s press release issued in connection with the revised FAQs explains that the document is intended to serve as guidance to supplement the Rule and other COPPA-related material previously published by the FTC.
Some of the highlights of the revised FAQs involve providing information about:
- What type of notice and choice companies are required to give for information previously collected from children that was not considered personal information under the old Rule but is considered personal information under the new Rule.
- The specific information that must be included in the direct notice to parents depending on the circumstances surrounding why the operator is providing the direct notice.
- How websites with services that are directed to children, but not primarily directed to children, can implement age-screening mechanisms.
- The circumstances under which third parties will be held to have “actual knowledge” that they have collected personal information from children on another website.
- First party operators’ duties with respect to informing third parties about the child-directed nature of their website, and first party operators’ duties to determine the information collection practices of all third parties collecting information on their sites.
- The new parental consent mechanisms provided in the new Rule.
- Whether mobile app providers can rely on a parent’s app store account to serve as verifiable parental consent.
- What activities fall under the “internal operations” exception to the new rule, and whether such exceptions apply to both first parties and third parties.
- The obligations that a third party has after discovering that it has been collecting information via a child-directed service.
- Implementing COPPA protections in schools.
In addition to the FAQs, the FTC also maintains a “COPPA Hotline” email address, COPPAHotLine@ftc.gov, where companies can send questions regarding compliance with the Rules. The new rules are set to go into effect on July 1, 2013, although a number of industry groups recently sent a letter to the FTC asking for a 6-month extension due to the short implementation timeline and given that the FAQs were only released 2 months prior to the deadline.
