The FTC has been seeking public comment and input for a number of years on whether its regulations under the Children's Online Privacy Protection Act of 1998 needed to be revised or updated to address changes in technology and business. Today, the FTC released its proposed revisions to COPPA for public comment (due by November 28, 2011). As summarized by the FTC's release, among the proposed changes are the following: Definitions The COPPA Rule requires covered operators to obtain parental consent before collecting personal information from children. The FTC proposes updating the definition of "personal information" to include geolocation information and certain types of persistent identifiers used for functions other than the website's internal operations, such as tracking cookies used for behavioral advertising. In addition, the Commission proposes modifying the definition of "collection" so operators may allow children to participate in interactive communities, without parental consent, so long as the operators take reasonable measures to delete all or virtually all children's personal information before it is made public. Parental Notice The proposed amendments also seek to streamline and clarify the direct notice that operators must give parents prior to collecting children's personal information. The proposed revisions are intended to ensure that key information will be presented to parents in a succinct "just-in-time" notice, and not just in a privacy policy. Parental Consent Mechanisms The FTC also proposes adding new methods to obtain verifiable parental consent, including electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that the parent's ID is deleted promptly after verification is done. These supplement the nonexclusive list of methods already set forth in the Rule. The FTC proposes eliminating the less-reliable method of parental consent, known as "e-mail plus," which is available to operators that collect personal information only for internal use. This method currently allows operators to obtain consent through an email to the parent, coupled with another step, such as sending a delayed email confirmation to the parent after receiving consent. To encourage the development of new consent methods, the Commission proposes establishing a voluntary 180-day notice and comment process whereby parties may seek Commission approval of a particular consent mechanism. In addition, the Commission proposes permitting operators participating in a Commission approved safe-harbor program to use a method permitted by that program. Confidentiality and Security Requirements To better protect children's personal information, the Commission proposes strengthening the Rule's current confidentiality and security requirements. Specifically, the Commission proposes adding a requirement that operators ensure that any service providers or third-parties to whom they disclose a child's personal information have in place reasonable procedures to protect it, that operators retain the information for only as long as is reasonably necessary, and that they properly delete that information by taking reasonable measures to protect against unauthorized access to, or use in connection with, its disposal. Safe Harbor Finally, the FTC proposes to strengthen its oversight of self-regulatory "safe harbor programs" by requiring them to audit their members at least annually and report periodically to the Commission the results of those audits. The attorneys of the Advertising, Marketing & Promotions practice group at Olshan would be happy to assist clients in understanding and preparing comments on the proposed new COPPA language.
Read more detail on Recent Advertising Law Posts –
FTC Releases Proposed COPPA Regs Revision for Comment
The FTC has been seeking public comment and input for a number of years on whether its regulations under the Children's Online Privacy Protection Act of 1998 needed to be revised or updated to address changes in technology and business. Today, the FTC released its proposed revisions to COPPA for public comment (due by November 28, 2011). As summarized by the FTC's release, among the proposed changes are the following: Definitions The COPPA Rule requires covered operators to obtain parental consent before collecting personal information from children. The FTC proposes updating the definition of "personal information" to include geolocation information and certain types of persistent identifiers used for functions other than the website's internal operations, such as tracking cookies used for behavioral advertising. In addition, the Commission proposes modifying the definition of "collection" so operators may allow children to participate in interactive communities, without parental consent, so long as the operators take reasonable measures to delete all or virtually all children's personal information before it is made public. Parental Notice The proposed amendments also seek to streamline and clarify the direct notice that operators must give parents prior to collecting children's personal information. The proposed revisions are intended to ensure that key information will be presented to parents in a succinct "just-in-time" notice, and not just in a privacy policy. Parental Consent Mechanisms The FTC also proposes adding new methods to obtain verifiable parental consent, including electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that the parent's ID is deleted promptly after verification is done. These supplement the nonexclusive list of methods already set forth in the Rule. The FTC proposes eliminating the less-reliable method of parental consent, known as "e-mail plus," which is available to operators that collect personal information only for internal use. This method currently allows operators to obtain consent through an email to the parent, coupled with another step, such as sending a delayed email confirmation to the parent after receiving consent. To encourage the development of new consent methods, the Commission proposes establishing a voluntary 180-day notice and comment process whereby parties may seek Commission approval of a particular consent mechanism. In addition, the Commission proposes permitting operators participating in a Commission approved safe-harbor program to use a method permitted by that program. Confidentiality and Security Requirements To better protect children's personal information, the Commission proposes strengthening the Rule's current confidentiality and security requirements. Specifically, the Commission proposes adding a requirement that operators ensure that any service providers or third-parties to whom they disclose a child's personal information have in place reasonable procedures to protect it, that operators retain the information for only as long as is reasonably necessary, and that they properly delete that information by taking reasonable measures to protect against unauthorized access to, or use in connection with, its disposal. Safe Harbor Finally, the FTC proposes to strengthen its oversight of self-regulatory "safe harbor programs" by requiring them to audit their members at least annually and report periodically to the Commission the results of those audits. The attorneys of the Advertising, Marketing & Promotions practice group at Olshan would be happy to assist clients in understanding and preparing comments on the proposed new COPPA language.
Read more detail on Recent Advertising Law Posts –
Related posts: