The Federal Trade Commission announced yesterday it will not delay the July 1, 2013 date of implementation to update Children’s Online Privacy Protection Rule (COPPA). Over 19 trade associates have requested for an extension claiming more time is needed for the companies to transition and come up to par with current business practices. Many companies fear the significant impact that comes with COPPA 2.0 changes.
Extension Response from Commission Letter
Due to the “proliferation” of the digital market, including mobile devices, online social environments, virtual worlds and children’s accessibility to these mediums the Commission noted the COPPA rule was on a “accelerated schedule.” 1.
Final amendments have been announced and Commission issues the statement of basis and purpose (SBP) and responds to analysis of public comments of obligated parties. Making note of costs and burdens of compliance as well as Commissions decision on the effective date of July 1, 2013 (Consistent with original rule and time frame of November 3, 1999 and its effective date on April 21, 2000). 2.
Commission responds it has provided sufficient guidance in regard to obligation of amended rule and responsible parties and its effective date is adequate.
Concerns Addressed by the Commission Letter
Commission narrows proposed standard and provides guidance.
“Knowledge, by its very nature, is a highly fact-specific inquiry. The Commission believes that the actual knowledge standard it is adopting will likely be met in most cases when: (1) A child-directed content provider (who will be strictly liable for any collection) directly communicates the child-directed nature of its content to the other online service; or (2) a representative of the online service recognizes the child-directed nature of the content.” 3.
Commission makes note of “the potential burden” child directed sites and its third parties undertake to appease COPPA rule.
“It cannot be the responsibility of parents to try to pierce the complex infrastructure of entities that may be collecting their children’s personal information through any one site. . .the primary-content site or service is in the best position to know which plug-ins it integrates into its site.” 4.
Commission responds it will not provide “safe harbor” from liability, but will consider the degree of due diligence provided by the obligated parties.
Definition of Persistent Identifier (Personal Information)
Commission makes exception to “persistent identifier” and allows collection of data for support and internal operations.
“That persistent identifiers are also used for a host of functions that have little or nothing to do with contacting a specific individual, and that these uses are fundamental to the smooth functioning of the Internet, the quality of the site or service, and the individual user’s experience.” 5.
Commission responds that all interested parties can request approval of additional functions related to “support for internal operations.”
In closing, the Commission states the lack of concrete facts invalidates the request for extension.
For more information on COPPA Compliance & Child Online Safety follow us on Twitter @Inversoft
1. 2011 Notice of Proposed Rulemaking available at http://ftc.gov/os 2011/09/110915coppa.pdf
2. See http://www.ftc.gov/opa/2012/12/coppa.shtm (Dec. 19, 2012 press release announcing adoption of final amendments to the COPPA Rule).
3. See also Complying with COPPA: Frequently Asked Questions, available at http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions, FAQ
4. See also Complying with COPPA: Frequently Asked Questions, available at http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions, FAQ