The Federal Trade Commission adopted final amendments to the Children’s Online Privacy Protection (COPPA) Rule today.  The amendments are the result of a review initiated by the FTC in 2010 to adapt to changes in technology and in the way children use and access the Internet.

Highlights of the amendments include:

  • Modification of the list of “personal information” that cannot be collected without parental notice and consent.  Geolocation information, photographs, and videos are now on the list.
  • A streamlined, voluntary, and transparent process for getting approval of new ways of obtaining parental consent.
  • Closing of a loophole that allowed third parties, on behalf of kid-directed apps and websites, to use plug-ins to collect personal information from a child without parental notice and consent.
  • Strengthening of data security protections by requiring covered website operators and online service providers to take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential.
  • Application of the COPPA Rule to persistent identifiers that can recognize users over timer and across different websites or online services, such as IP addresses and mobile device IDs.
  • Revision of the parental notice provisions to help ensure that operators’ privacy policies, and the notices they must provide to parents before collecting children’s personal information, are concise and timely.
  • Approval of new methods that operators can use to obtain verifiable consent.  The new methods are: electronic scans of signed parental consent forms; video-conferencing; use of government-issued identification; and alternative payment systems.

The amended Rule goes into effect on July 1, 2013.  The full text of the Federal Register Notice adopting the amendments can be found here.

It’s time for updates to my post on the Hawaii case concerning censorship of user comments on the Honolulu Police Department’s Facebook fan page.  First, I’ve obtained a full copy of the complaint including the exhibits, which fleshes out the facts of the case.  According to the first two exhibits to the complaint, one of the plaintiffs (Christopher Baker) posted comments alleging that the HPD of violating the constitution and due process and criticizing the HPD and other government agencies for corruption and mismanagement.  In a separate comment thread, the HPD told another user: “comments depicting unlawful activity is a violation of the posting guidelines.  Your comment has been deleted.”  Baker responded with comments criticizing the HPD for “internet censorship” and exercising “internet nazi powers.”  An exchange between the HPD and Baker followed, and at some point the HPD told Baker: “@Christopher, you’ve had a history of using defamatory terms in your comments.  The posting guidelines are clear.  Dissenting opinions are appropriate but the use of defamatory comments such as ‘internet nazi powers’ are not.  Your comments have been deleted.”  Baker’s co-plaintiff (Derek Scammon) responded to the HPD’s deletion comment with his own: “So I take it that HPD doesn’t care much about allowing freedom of speech?  All the one-sided comments referring to posters who have been deleted seem a little forboding.  Does asking about deleted posts violate the posting guidelines?  I’d hate to get my post deleted for talking about posts that got deleted.”  Scammon separately engaged the HPD in a conversation on the HPD Page regarding the need for Honolulu residents to be allowed to carry concealed weapons.

Second, I’ve gotten copies of the motions for a temporary restraining order and preliminary injunction that were filed at the same time as the complaint.   The TRO motion was deemed moot at an August 22 status conference (the reason for this is unknown).  It is apparent, however, that the HPD is no longer banning certain users from commenting on the HPD Page.  Yesterday, the court held a status conference in which it deemed the preliminary injunction motion moot based on the HPD’s reversal of position and the agreement of the parties (the details of the agreement are not clear).  Another status conference is set for October 4.  We’ll follow the case and keep you posted.

Twitter will appeal the recent decision of a New York court ordering it to turn over the tweets of an Occupy protester being prosecuted for disorderly conduct.  Twitter’s legal counsel, Benjamin Lee (@BenL) , announced the decision in a tweet (how appropos).  Read the Wall Street Journal story here.  We’ll follow the appeal.

ICANN not a “domain name authority” under ACPA; no in rem jurisdiction in district where ICANN is basedVizer v. Vizernews.com, 2012 WL 2367130 (D.D.C. June 22, 2012)

First off, my apologies for writing two consecutive posts with headlines that play off the word “can’t.”  Now on to more serious matters…

This case scuttles one way of getting a quick default judgment against a cybersquatter who is nowhere to be found.  The plaintiff (Vizer) wanted to bring a cybersquatting suit against the registrant of a domain name that contained his last name and was linked to a website dedicated to providing news about him (Vizernews.com).  Vizer couldn’t identify the registrant of the domain name; the domain was registered anonymously and the registrant used a privacy service to hide its contact information.  Vizer therefore brought an in rem action under the Anti-Cybersquatting Consumer Protection Act (ACPA).  Vizer is correct that the ACPA allows a trademark owner to file an in rem civil action against a domain name in the judicial district in which the “domain name registrar, domain name registry, or other domain name authority is located.”  The issue is, did Vizer file in the correct judicial district?

Vizer filed the in rem action in Washington, D.C. on the theory that the Internet Corporation for Assigned Names and Numbers (ICANN) maintains an office there.  The court dismissed the case because ICANN didn’t fit into any category of entities who can be sued in rem under the ACPA.  ICANN is not the domain name registrar (in this case, Melbourne IT, LTD d/b/a Internet Names Worldwide) nor the registry (in this case, VeriSign, Inc.).  Vizer argued that ICANN is a “domain name authority,” but the court rejected that suggestion.  According to the court, the term “domain name authority” refers to an entity that has some authority over the domain name, i.e., it plays a role in registering or assigning domain names.  ICANN doesn’t do either of those things.  Although ICANN coordinates the global domain name system, it doesn’t actually assign specific domain names or maintain a registry of such names.  The court also found persuasive legislative history of the ACPA stating that the in rem provision was not meant to cover ICANN.

LegalTXT Lesson: It looks like Vizer’s attorneys did their homework before going the in rem route.  I’m not sure what they could’ve done differently, except one wonders why they didn’t file in where the registrar (VeriSign) is located.  Verisign is based in Reston, Virginia, just a short distance far from D.C.