This week, the Federal Trade Commission (FTC) updated its guidance for businesses on complying with the Children’s Online Privacy Protection Rule (COPPA) . If a website operator or operator of online services collects personal information from kids under 13, then the business must comply with COPPA. The definition of “personal information” is broad and includes a child’s name, voice, address, photo, email address or telephone number. COPPA encompasses a wide range of activities, including mobile apps and toys or other products connected to the internet. This means that businesses, including franchised businesses, geared towards selling products or providing services to children are covered by COPPA and must strictly comply with the Rule.
The FTC now provides new and updated guidance in three main areas:
- New Business Models. The FTC broadens the scope of covered businesses to account for new ways that companies collect data.
- New Products. If your franchise offers and sells a product that connects to internet and collects personal information, including voice recordings or geolocation data, then COPPA applies to your business.
- Parent Consent Collection Methods. One of the main features of COPPA is its requirement that businesses obtain parental consent BEFORE collecting a child’s personal information. The new guidance discuses two newly-approved methods for getting parental consent: asking knowledge-based authentication questions and using facial recognition to get a match with a verified photo ID.
With technology constantly evolving and the nearly universal collection of personal data by websites and apps (particularly the now frequently common collection of geolocation data), a franchise system providing products or services to children must keep up to date on the FTC’s latest COPPA guidance. The FTC also provides answers to frequently asked questions about COPPA here or you can email the FTC at firstname.lastname@example.org.