Today the Federal Trade Commission’s (FTC) rules promulgated under the Children’s Online Privacy Protection Act (COPPA) become effective. COPPA, passed by Congress in 1998, requires the FTC to issue and enforce regulations concerning children’s online privacy.
The purpose of COPPA is to protect children under age 13 and seeks to place parents in control over what personal information is collected from their children online. The rules promulgated by the FTC apply to operators of commercial web sites and services that collect, use or disclose personal information from children.
The updated rules require operators of online services to:
– Provide direct notice to parents and obtain parental consent before collecting personal information
– Provide parents access to their child’s personal information and allow them to have the information deleted
– Maintain the confidentiality of a child’s personal information
Under the rules personal information includes names, addresses, screen names, telephone numbers as well as any photographs, geolocation information or other online contact information.
The rules require businesses to immediately obtain parental consent for all geolocation information, photos or videos and screen names they have collected from children under age 13. Prior to the enactment of these rules the FTC sent more than 90 letters to online App Developers as part of an ongoing effort to help businesses comply with COPPA’s requirements. The FTC was careful to explain in the letters that receiving such a letter does not reflect a formal FTC evaluation of the company’s practices but rather seeks to assist companies to comply with the requirements prior to the rules becoming effective.
COPPA imposes additional requirements on online services that collect personal information from children who reside in Massachusetts. It is separate and distinct from the requirements imposed by M.G.L. c. 93H which concerns businesses that collect or license personal information about a Massachusetts resident.
The FTC has enforcement power and the penalty can be up to $16,000 per violation. Operators of websites, developers of apps and other online services that collect the personal information of children in Massachusetts should consult with an experienced attorney to navigate the complexities posed by COPPA’s implementation and to evaluate whether their services are in compliance with the updated rules.