Just this morning, the FTC updated its Compliance FAQs respecting the Children’s Online Protection Privacy Act (COPPA). The updates are intended to address the revised Rule implementing the Act, which will go into effect on July 1, 2013.
The FAQs are principally intended to assist compliance with the four new categories of information added to the Rule’s definition of "Personal Information":
- Geolocational Information: The Rule now provides that all geolocational information must have parental consent, whether obtained before or after the implementation date.
- Photos or Videos or Audio files containing images or audio of children: If collected prior to the date of the amended rule, consent is not required, but strongly suggested by the FTC.
- Screen or User Names: If collected prior to the date of implementation, consent is not required unless the user associates new identifying information with the user name after the date of implementation.
- Persistent Identifiers: If collected prior to the date of implementation, consent is not required unless the site obtains new information after the date of implementation that allows tracking of a user over time or across websites. There is a technical exception for information collected solely for internal operations of a website.
The revised FAQs continue to provide good examples of both best practices and safe harbors regarding COPPA, and are definitely worth a review.