Think the FTC's Proposed Changes to the Children's Online Privacy Rule Don't Affect Your Company? Think Again!

Think the FTC's Proposed Changes to the Children's Online Privacy Rule Don't Affect Your Company? Think Again!

by Erika Brown Lee, Susan Linda Ross and Pamela Jones Harbour

Excerpt:

Does your company offer mobile apps with animated characters? Does your website have a section aimed at students, explaining your goods or services in a fun and educational way? Does your company run a contest for students to submit artwork or essays on your web site? Your company may be involved in healthcare or financial services or manufacturing, but these offerings could bring your company within the scope of the Children's Online Privacy Protection Act (COPPA) and the Federal Trade Commission's regulation.

On September 27, 2011, the FTC proposed updates to its COPPA regulation, which initially went into effect in 2000.

Personal Information

The FTC has significantly expanded the definition of "personal information" in its proposed amendments to COPPA. The changes reflect the growing consensus that, in light of evolving technologies, it has become harder to distinguish between personal information and non-personal information. Specifically, the definition of "personal information" has been revised to include, as separate categories: geolocation data; screen names; and photographs and audio/video files that contain a child's image or voice. This expansion is particularly noteworthy because in the existing definition, audio and video files are not mentioned, and photos and screen names are subject to COPPA requirements only if they contain contact information such as an email address. The current definition of "personal information" also incorporates persistent identifiers such as a customer number held in a cookie if it is associated with individually identifiable information. The amendments extend the scope of persistent identifiers to include all cookies, IP addresses, and unique device identifiers, unless website operators can demonstrate that the identifiers are collected solely for the purpose of internal operations.

Although the FTC did not propose changes to the definition of "online services," it explained that mobile technologies were generally considered within the scope of COPPA. Specifically, the FTC considers all of the following to be "online services" under COPPA: "mobile applications that allow children to play network-connected games, engage in social networking activities, purchase goods or services online, receive behaviorally targeted advertisements, or interact with other content or services. Likewise, Internet-enabled gaming platforms, voice-over-Internet protocol services, and Internet-enabled location-based services, also are online services covered by COPPA and the Rule." (76 Fed. Reg. 59807 (footnotes omitted)) The proposed amendments however, do not expand COPPA within one portion of the mobile realm. Specifically, the FTC notes: "The Commission agrees that where mobile services do not traverse the Internet or a wide-area network, COPPA will not apply." (76 Fed. Reg. 59807)

The FTC has also redefined what it means by the online "collection" of personal information. In its present form, COPPA applies only to websites that request information. The FTC now proposes to broaden the definition to include the passive tracking of children online, as well as the "prompting" and "encouraging" of children to disclose personal information. Notwithstanding the wider applicability of the revised definition however, the FTC also proposes to lower the threshold for an exemption. Currently, COPPA exempts website operators if 100% of the information collected from children online is deleted before it is made public. Under the amendments, the agency would require the operator to take "reasonable measures" to delete all or "virtually all" of the information collected.

Access the full version of "Think the FTC's Proposed Changes to the Children's Online Privacy Rule Don't Affect Your Company? Think Again!" with your lexis.com ID. Additional fees may be incurred.

If you do not have a lexis.com ID, you can purchase this commentary and additional Emerging Issues Commentaries from the LexisNexis Store.

Lexis.com subscribers can access the complete set of Emerging Issues Analyses for Cyber & E-Commerce Law and the Cyber & E-Commerce Area of law page.

For more information about LexisNexis products and solutions connect with us through our corporate site.

This article was prepared by Erika Brown Lee (ebrownlee@fulbright.com or 202 662 0398), Sue Ross (sross@fulbright.com or 212 318 3280), and Pamela Jones Harbour (pharbour@fulbright.com, 202 662 4505 or 212 318 3324) from Fulbright's Privacy, Competition, and Data Protection Practice Group.