by Erika Brown Lee, Susan Linda Ross and
Pamela Jones Harbour
Does your company offer mobile
apps with animated characters? Does your website have a section aimed at
students, explaining your goods or services in a fun and educational way? Does
your company run a contest for students to submit artwork or essays on your web
site? Your company may be involved in healthcare or financial services or
manufacturing, but these offerings could bring your company within the scope of
the Children's Online Privacy Protection Act (COPPA) and the Federal Trade
On September 27, 2011, the FTC proposed updates to its COPPA regulation, which
initially went into effect in 2000.
The FTC has significantly expanded the definition of "personal
information" in its proposed amendments to COPPA. The changes reflect the
growing consensus that, in light of evolving technologies, it has become harder
to distinguish between personal information and non-personal information.
Specifically, the definition of "personal information" has been
revised to include, as separate categories: geolocation data; screen names; and
photographs and audio/video files that contain a child's image or voice. This
expansion is particularly noteworthy because in the existing definition, audio
and video files are not mentioned, and photos and screen names are subject to
COPPA requirements only if they contain contact information such as an email
address. The current definition of "personal information" also
incorporates persistent identifiers such as a customer number held in a cookie
if it is associated with individually identifiable information. The amendments
extend the scope of persistent identifiers to include all
cookies, IP addresses, and unique device identifiers, unless website operators
can demonstrate that the identifiers are collected solely for the purpose of
Although the FTC did not propose changes to the definition of "online
services," it explained that mobile technologies were generally considered
within the scope of COPPA. Specifically, the FTC considers all of the following
to be "online services" under COPPA: "mobile applications that
allow children to play network-connected games, engage in social networking
activities, purchase goods or services online, receive behaviorally targeted
advertisements, or interact with other content or services. Likewise,
Internet-enabled gaming platforms, voice-over-Internet protocol services, and
Internet-enabled location-based services, also are online services covered by
COPPA and the Rule." (76
Fed. Reg. 59807 (footnotes omitted)) The proposed amendments however, do
not expand COPPA within one portion of the mobile realm. Specifically, the FTC
notes: "The Commission agrees that where mobile services do not traverse
the Internet or a wide-area network, COPPA will not apply." (76
Fed. Reg. 59807)
The FTC has also redefined what it means by the online "collection"
of personal information. In its present form, COPPA applies only to websites
that request information. The FTC now proposes to broaden the definition to
include the passive tracking of children online, as well as the
"prompting" and "encouraging" of children to disclose
personal information. Notwithstanding the wider applicability of the revised
definition however, the FTC also proposes to lower the threshold for an
exemption. Currently, COPPA exempts website operators if 100% of the
information collected from children online is deleted before it is made public.
Under the amendments, the agency would require the operator to take
"reasonable measures" to delete all or "virtually all" of
the information collected.
Access the full version of "Think the FTC's Proposed
Changes to the Children's Online Privacy Rule Don't Affect Your Company? Think
Again!" with your lexis.com ID. Additional fees may be incurred.
If you do not have a lexis.com ID, you can purchase this commentary and additional Emerging Issues Commentaries from the LexisNexis Store.
Lexis.com subscribers can access the complete
set of Emerging Issues Analyses for Cyber & E-Commerce Law and
the Cyber & E-Commerce Area of law page.
For more information about LexisNexis
products and solutions connect with us through our corporate site.
This article was prepared by Erika Brown Lee (email@example.com
or 202 662 0398), Sue Ross (firstname.lastname@example.org
or 212 318 3280), and Pamela Jones Harbour (email@example.com,
202 662 4505 or 212 318 3324) from Fulbright's Privacy, Competition, and Data
Protection Practice Group.