On December 19, 2012, the FTC issued its long-awaited final amendments to the Children’s Online Privacy Protection Rule (“COPPA”). COPPA requires commercial websites and online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from children under 13 to obtain verifiable parental consent before collecting personal information from such children. The final revisions significantly modify or expand key definitions within the Rule, including the definitions of “operator,” “personal information,” and “website or online service directed to children,” and update the Rule’s requirements concerning parental notice and consent, and the existing safe harbor provisions. These changes both broaden the scope of online entities that are subject to COPPA and provide new pathways to compliance for certain child-directed sites. The amendments also include new safeguard requirements, including provisions that involve personal data minimization and disposal obligations.
The amendments to COPPA, which represent the first revisions to the Rule since it became effective in April 2000, respond to the substantial changes in consumer technology that have occurred during the past decade. Specifically, the revisions are intended to ensure that the Rule continues to provide privacy protections for children who increasingly participate in social networking and interactive gaming, or engage in online activities or applications (“apps”) through a mobile device. Because the FTC is able to levy fines of up to $16,000 per violation for non-compliance with the COPPA Rule, all companies that either collect information from children or operate a website or online service that may be attractive to children should carefully assess their legal obligations under the revised Rule.
For a detailed look at what’s changed in the COPPA Rule, please reference the Kelley Drye client advisory.