New Rule for the New Year – Children’s Privacy Update

Protecting Kids' Privacy OnlineLast month, the Federal Trade Commission announced that it had updated the Children’s Online Privacy Protection Act (COPPA). The Rule, which is now almost 13 years old, was originally designed to minimize the collection of personal information from children and, in the words of FTC Chairman Jon Leibowitz, to ensure that parents are “the gatekeepers who get to decide whether or not to let others collect personal information from their children online.”

In the updated version of the rule, definitions have been changed, requirements modified and provisions added. In general, the revisions strengthen some of the protections that had been in place, and give parents more control over their children’s data.

If you’re up for a good read, the new rule came out as part of a 167-page document, which explains all the whys, when’s and a few of the how’s of compliance. But, if you prefer your policy in smaller doses, here are a few of the basics to help you get started.

1. You probably already know that the Rule requires that collection of personally identifiable information (PII) from children under 13 may only be done with prior, verifiable parental consent. But, the definition of PII has been expanded. Geolocation information is now emphasized as PII. In addition, photos, videos, audio files and in some cases, persistent identifiers such as IP addresses and mobile device IDs, are now covered.

2. Think you’re off the hook because your primary target audience isn’t children? Think again. The Rule now applies to plug-ins and ad-networks that “have actual knowledge” that they are collecting PII from a child-directed site or service. Also, if you are a general audience site with pages that are for children, you’re going to want to be sure you’re in compliance on those pages.

3. Do you have plug-ins or ad networks on your child-directed site or service? If so, pay close attention, as you’re now responsible for compliance related to data that those services collect from your users.

4. Don’t forget about data security. You need to have “reasonable procedures” in place to protect the security of the PII you have collected, and for deleting it when the data is no longer needed. Also, if you release the data to any third parties, you need to take “reasonable steps” to ensure that they can protect the data as well.

5. You’ve been hearing the complaints for awhile now – privacy policies are long, complicated and generally difficult for users to read. The new rule makes it a little bit easier to keep your privacy policy streamlined, but there are still specific requirements on what needs to be included.

And yes, there is more.

This all goes into effect on July 1. Your lawyer and your compliance representative have already read through the Rule, and they’re ready for you. Take some time to talk to them now to be sure you understand the changes and how they might apply to your site, service or app.

How do you manage COPPA compliance for your kid or teen targeted social marketing campaigns?

Linnette Attai

About Linnette Attai

Linnette Attai is a media and marketing compliance executive with extensive expertise navigating regulatory and self-regulatory environments surrounding advertising, marketing, content, privacy, safety and ethical concerns. As the founder of PlayWell, LLC, Linnette focuses on guiding clients through compliance issues related to child and teen-directed media and marketing, including digital and mobile privacy and safety.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>