Amidst all of the recent news and developments about the privacy of kids and teens (including multiple Congressional hearings; Frances Haugen’s testimony; enactment of the UK’s and California’s Age Appropriate Design Codes; the Irish DPC’s GDPR decision against Instagram; numerous bills in Congress; and the FTC’s ongoing focus on kids’ privacy in policy statements, workshops, and its “commercial surveillance” rulemaking), the FTC still has a powerful tool that seems to be sitting on the back-burner: the Children’s Online Privacy Protection Act (COPPA) and its implementing rule.

But some members of Congress just wrote a letter to the FTC, asking it to make COPPA a priority.

Background on COPPA 

As most of our readers know, COPPA protects the privacy of kids under 13, mostly by requiring kid-directed web sites or apps, or sites/apps that have actual knowledge they’re dealing with kids, to get parental permission before collecting, using, or sharing kids’ data.  Enacted in 1998, COPPA is now nearly 25 years old, a dinosaur in today’s fast-moving world of privacy.  However, using the APA rulemaking authority granted in COPPA, the FTC has amended its COPPA rule to ensure that it keeps pace with developments – for example, extending the rule to ad networks and plug-ins; adding geolocation, persistent identifiers, photos, and videos to the definition of “personal information”; and strengthening the rule’s requirements governing data security, retention, and deletion.

However, those updates to COPPA became final in 2013 – almost ten years ago – and the FTC hasn’t amended the rule since then.  Although the FTC initiated a rule review in July 2019, that review is still pending more than three years later. According to Regulations.gov, the Commission received over 176,000 public comments in the rule review.  That’s a lot of comments, but it surely can’t explain such a lengthy delay.
Continue Reading Congress to FTC: “Please Update the COPPA Rule Now”

On Monday, the FTC issued an Enforcement Policy Statement stating that the Commission will not take action against operators that collect an audio file of a child’s voice as a replacement for written words, such as for translation into text, without first obtaining parental consent, provided the file is retained only for the brief time

Last week, True Ultimate Standards Everywhere, Inc. (“TRUSTe”) agreed to pay the New York Attorney General (“NYAG”) a $100,000 penalty, and beef up privacy measures, to settle alleged violations of the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506 (“COPPA”). The Federal Trade Commission (“FTC”) is authorized to issue rules under COPPA,

This week, the FTC announced settlements with two mobile app developers – LAI Systems, LLC and Retro Dreamer (including two of its principals) – concerning allegations that their apps collected childrens’ personal information without obtaining parental consent in violation of COPPA.  These cases are the first in which the FTC has held a company liable

Last week, ten privacy groups requested that the FTC open an investigation into a Topps Co. online contest, which they allege violated the Children’s Online Privacy Protection Act (COPPA). Specifically, the groups claim that Topps’s #RockThatRock contest collected photos of children under age 13 without obtaining their parents’ consent.

Last spring, Topps invited its Facebook,

This week, the Federal Trade Commission announced the latest revisions to its Frequently Asked Questions (“FAQs”) document to assist online operators as they work to comply with changes to the Children’s Online Privacy Protection (“COPPA”) Rule that went into effect on July 1, 2013. The updated FAQs provide the following expanded guidance on verifiable parental

Last week, the Federal Trade Commission approved the kidSAFE Seal Program as a safe harbor program under the Children’s Online Privacy Protection Act (COPPA) and FTC’s COPPA Rule.  The FTC’s revised COPPA Rule (effective July 2013) restricts the ways that child-directed sites and their third-party affiliates can collect and use personal information from children under the age of 13.  The Rule contains a “safe harbor” provision enabling industry groups or others to submit self-regulatory program guidelines to the FTC for approval.  Companies that meet the requirements of a safe harbor program will be deemed to be in compliance with the COPPA Rule for purposes of enforcement.  To date, the FTC has approved six COPPA safe harbor programs.

In order to meet the requirements of the kidSAFE Seal Program, a child-directed site or service must demonstrate compliance with the basic safety guidelines (the “kidSAFE certification”) and additional privacy guidelines (the “kidSAFE+ certification”).  The program’s basic safety rules require: (1) chat and other interactive community features to be designed with safety protections and controls; (2) posting of rules and educational information about online safety; (3) procedures for handling safety issues and complaints to be in place; (4) parents to have basic safety controls over their child’s activities; and (5) content, advertising, and marketing to be age-appropriate.

Continue Reading FTC Approves kidSAFE as Safe Harbor Program Under COPPA

On February 16, 2012, Kelley Drye & Warren LLP hosted the seminar and audiocast, “Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends.” The seminar highlighted regulatory and legislative developments in privacy and information security during the past year, with an emphasis on children’s online privacy

Changes to privacy regulations, such as proposed revisions to the Children’s Online Privacy Protection Act (COPPA), and continuously evolving technologies, including mobile apps with location-based services, can make it difficult for businesses to ensure their privacy practices are up to par.

On February 16, Kelley Drye will gather government leaders from the FTC and FCC