The Federal Trade Commission adopted final amendments to the Children’s Online Privacy Protection (COPPA) Rule today. The amendments are the result of a review initiated by the FTC in 2010 to adapt to changes in technology and in the way children use and access the Internet.
Highlights of the amendments include:
- Modification of the list of “personal information” that cannot be collected without parental notice and consent. Geolocation information, photographs, and videos are now on the list.
- A streamlined, voluntary, and transparent process for getting approval of new ways of obtaining parental consent.
- Closing of a loophole that allowed third parties, on behalf of kid-directed apps and websites, to use plug-ins to collect personal information from a child without parental notice and consent.
- Strengthening of data security protections by requiring covered website operators and online service providers to take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential.
- Application of the COPPA Rule to persistent identifiers that can recognize users over timer and across different websites or online services, such as IP addresses and mobile device IDs.
- Revision of the parental notice provisions to help ensure that operators’ privacy policies, and the notices they must provide to parents before collecting children’s personal information, are concise and timely.
- Approval of new methods that operators can use to obtain verifiable consent. The new methods are: electronic scans of signed parental consent forms; video-conferencing; use of government-issued identification; and alternative payment systems.
The amended Rule goes into effect on July 1, 2013. The full text of the Federal Register Notice adopting the amendments can be found here.