In an earlier blog, we discussed the requirements for what is known as the Children’s Online Privacy Protection Act (COPPA). [will provide hyperlink to the blog] In April 2013, the FTC issued several updates aimed at addressing the revised rule implementing the act, which will go into effect on July 1, 2013. These updates are aimed at assisting compliance with the four new categories of information added to the rule’s definition of “Personal Information”. These include:
- Geolocational Information: The rule now provides that all geolocational information must have parental consent, whether obtained before or after the implementation date.
- Photos or videos or audio files containing images or audio of children: If collected prior to the date of the amended rule, consent is not required, but it is strongly suggested by the FTC.
- Screen or User Names: If collected prior to the date of implementation, consent is not required unless the user associates new identifying information with the user name after the date of implementation.
- Persistent Identifiers: If collected prior to the date of implementation, consent is not required unless the site obtains new information after the date of implementation that allows tracking of a user over time or across websites. There is a technical exception for information collected solely for internal operations of a website.
These additions alone make it worthwhile to learn how COPPA applies to any website your organization operates now or plans to operate in the future.