FTC Sends “Friendly” Reminders to Numerous Businesses About Looming COPPA Deadline
The FTC recently announced that more than 90 businesses located in the U.S. and abroad, including mobile applications, were sent “educational” letters reminding them of the looming July 1, 2013 deadline to comply with the new COPPA rules. While the FTC made clear that these letters only were directed to companies that appear to collect personal information from children under 13 and that the agency had not formally evaluated whether any particular recipient’s business practices were subject to COPPA, the letters make plainly obvious that the FTC is gearing up for the July 1, 2013 deadline and already is focused on a number of businesses that it believes will have to change their practices based on the amended COPPA Rule.
Two types of letters were sent – the first, a letter to domestic companies that may be collecting images or sounds of children – notes that under the revised COPPA Rule, personal information now includes photographs or videos with a child’s image, audio files that include a child’s voice, and screen or user names that function as online contact information. The FTC stressed that developers of apps covered by COPPA must: (i) give notice and get parental consent for personal information collected on the apps from third parties, such as ad networks, unless an exception applies; (ii) take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential; and (iii) meet new data retention and deletion requirements.
The second letter to domestic companies that may be collecting persistent identifiers from children focuses on the fact that persistent identifiers, such as cookies, IP addresses and mobile device IDs, that can recognize users over time and across different websites and online services, are considered personal information under the revised COPPA Rule. Here, the FTC reminds affected companies and apps to provide notice and obtain parental consent, unless the persistent identifier is used to conduct activities that support internal operations, such as maintaining or analyzing the function of the website or application, performing network communications, authenticating users or serving contextual advertisements.
In both letters, as well as similar letters that were sent to foreign companies whose content is directed to children in the U.S. (sound and image foreign letter and persistent identifier foreign letter), the FTC urges the recipients to review their websites and apps for COPPA compliance and provides contact information for FTC Staff Attorneys to answer questions.
Whether or not you received one of these letters from the FTC, all companies operating websites and mobile applications should be evaluating the applicability of the new COPPA Rules. It is evident that the FTC intends to actively assess compliance with the new rules, and if necessary, take enforcement actions. Many companies will have to revise their business practices to ensure either compliance with COPPA or that they are not subject to the amended Rule before the July 1 deadline – ZwillGen attorneys can assist on both fronts. We have been advising a variety of e-commerce, technology and mobile application companies on COPPA applicability and compliance for years and would be pleased to assist as the July 1 deadline approaches.