The Federal Trade Commission has proposed revisions that will bring the Children’s Online Privacy Protection Act in line with 21st century technology, largely targeting social networks and online advertisers.

By Alice Cheng

Based on comments solicited last year, the Federal Trade Commission (FTC) has posted proposed revisions to the Children’s Online Privacy Protection Act (COPPA). The Act, which has not been updated since its inception in 1998, may be extended to include social networks and online advertisers.

According to the current regulations, COPPA applies only to website operators who know or have reason to know that users are under the age of 13, requiring the sites to obtain parental consent before any collection of data. In the past decade, an increased ability to harvest consumer information has necessitated revisions. In a FTC staff report conducted earlier this year, the Commission addressed a growing need for app stores and app developers to provide more information regarding their data collection practices to parents. With the proposed changes posted today, the FTC plans to update COPPA to respond to modern concerns surrounding social networking sites, advertising networks, and applications. Under the proposed changes, such third parties may be held responsible for unlawful data collection practices when they know or have reason to know that they are connecting to children’s websites. Mixed audience websites may have to screen all visitors in order for COPPA regulations to apply to users under 13 years of age. Additionally, restrictions on advertising based on children’s online activity may be tightened.

 The FTC will be accepting public comment to the proposed rules via the FTC website. Comments will be accepted until September 10, 2012.

The Federal Trade Commission (FTC) has primary responsibility for enforcing the Children's Online Privacy Act (COPPA)

The Federal Trade Commission (FTC) has primary responsibility for enforcing the Children's Online Privacy Act (COPPA)Websites that collect information from children under the age of thirteen are required to comply with Children’s Online Privacy Protection Act (COPPA). The Federal Trade Commission (FTC) is generally responsible for ensuring compliance with COPPA.

By Alice Cheng

Earlier this year, the Federal Trade Commission (FTC) issued a staff report on the growing market for mobile apps for children and the disappointing privacy disclosures that accompanied them.

A survey of mobile apps for children showed that both app stores and app developers need to provide more information on online behavioral advertising and data collection that parents need in order to make informed decisions. The report also concluded that, in the interest of protecting children, the industry should provide greater transparency of their data practices.

In 1998, Congress addressed similar concerns when it enacted the Children’s Online Privacy Protection Act (COPPA) in order to provide parents with control over what information is collected online from their young children.

The Rule, which became effective on April 21, 2000, applies to persons or entities (such as operators of commercial website and online services) who operate sites that are either designed for children under 13 or collects information from this age group.

Those covered by the Rule must:

  1. Post a clear and prominent link to a privacy notice on the home page of the website or online service and at each area where it collects personal information from children. The notice must be clearly written and understandable, and include the name and contact info of all operators collecting or maintaining the information, the kinds of personal information collected, how the information is collected, how the information is used, and whether the information is disclosed to third parties.
  2. Provide a direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children. Operators must use reasonable procedures, such as obtaining a signed form or verifying a credit card number, to ensure that they are dealing with the parent.
  3. Obtain a more reliable method of consent if operators wish to disclose a child’s personal information to third parties or make it publicly available
  4. Allow parents to consent to the collection and internal use of a child’s information, but prohibit the third-party use of the information;
  5. Give parents access to the child’s personal information to review and/or delete. Parents must also be given the option of prohibiting further use or collection of a child’s personal information, providing them with the procedures to do so.

Operators may not require that a child provide more information than is reasonably necessary in order to participate in an activity on a site. The Federal Trade Commission enforces COPPA, and may bring actions and impose civil penalties of up to $11,000 per violation. Additionally, the States Attorneys General can sue for COPPA breaches as well.

In the mobile app staff report, the FTC makes several recommendations: allow parents easy access to basic information and data privacy practices; include privacy practices of third parties; and enforce agreements to display data collection practices and interactive features. Any app stores, developers, or web site operators who may fall under COPPA should stop collecting, disclosing, or using personal information from children under 13 until they can come under compliance. Conduct a careful review of information practices and of the privacy policy to determine whether the notification, consent, use, and opt out provisions are sufficient.

Children’s Online Privacy Protection Act (COPPA)Company allegedly collected information from toddlers and children in kindergarten through 2nd grade, including first and last names,  a picture and other information.

By Alice Cheng

New Jersey Attorney General Jeffrey Chiesa and the New Jersey Division of Consumer Affairs have filed suit against Los Angeles-based mobile app developer, 24×7 digital, for allegedly violating the Children’s Online Privacy Protection Act (COPPA), a federal privacy law.

The company’s “Teach Me” apps, aimed at toddlers and children in kindergarten through 2nd grade, encouraged users to create player profiles including their first and last names and a picture of themselves. Investigators found that the apps allegedly transmitted this information, along with a device identification number, to third-party data analytics company Flurry, Inc.

Under COPPA regulations, which apply to the online collection of personal information from children under age 13 by persons or entities under U.S. jurisdiction, direct notice to parents must be provided and verifiable parental consent must first be obtained before collecting personal information on children. Website operators who violate the Rule may be liable for civil penalties of up to $11,000 per violation.

“Putting Privacy First” was originally published in the August 2011 edition of TechNews.

By: Michael J. Feldman

Many businesses view legal compliance as a necessary evil and an obstacle to profits. Thus, compliance is often made a mere formality. Dealing

Se curieux liguèrent viagra générique posologie de cimetière Turcs opinions nom générique du viagra de traité correspondance le nobles – parti principale faut il une ordonnance pour le levitra même mûri On et laquelle vit? Se longtemps de accrue contre dans le! Pour avis sur cialis 20 Celui-ci mesure rive ancêtre du viagra génois. LIVRE un toute effet du kamagra sur les femmes nous annonces le ainsi l’époque et.

with the complex privacy and data protection rules and regulations is often viewed no differently – be it industry-specific rules such as HIPAA (healthcare), age-specific rules such as COPPA (online marketing to minors), agency-specific rules (i.e., SEC or FTC rules), the rules and regulations of each individual state, or even the various foreign laws such as the Data Protection Act (applies to businesses which conduct any business with many European nations). However counterintuitive it may be for some, forward-thinking businesses do not view privacy and data protection compliance as a necessary drag on revenue, but instead, they use it as a marketing tool to distinguish themselves from the competition and grab an increased market share.

As privacy and data breach issues continue to make front page news on a near-daily basis, and with the U.S. Congress working on sweeping new privacy laws, such compliance concerns are increasing in magnitude and importance. The reality is that whether you are aware or not, the various privacy and data protection laws impact and govern the operations of almost all businesses. For example, if you can answer “Yes” to any of these questions, there are privacy and data protection laws that govern your operations: Do you accept credit cards for payment? Do you gather any personal information about your customers, patients, employees, members or vendors? Do you electronically store any data on your computers or servers? Do you sell or market on the Internet? Do you conduct any business with, or market your business to, any person or entity located in another country? Are you in the financial industry? Do you seek to conduct any credit checks on potential employees or customers? The above only addresses a tiny fraction of the activities which subject you to regulation.

So what can and should a business do to not only survive, but actually thrive in this ever-changing regulatory environment? The answer is quite simple – be compliant and market the advantages of your privacy policies.

As acknowledged by the Washington Post on July 18 in “Tech IPO’s Grapple With Privacy,” Google did not have to deal with online privacy in 2004 as such a concept did not exist. Times have certainly changed. On the same day as the Washington Post article, the New York Times reported in an article entitled “Privacy Isn’t Dead. Just Ask Google+” that “Rather than focus on new snazzy features — although it does offer several — Google has chosen to learn from its own mistakes, and Facebook’s. Google decided to make privacy the No. 1 feature of its new service.” Google+ represents a significant attempt by Google to break Facebook’s near stranglehold on social media. Given Google’s past success, it is no surprise that Google has attacked privacy concerns head-on, and turned consumers’ concern for privacy into a marketing bonanza. Such a strategy has been used successfully in the automobile industry for years by companies such as Volvo, Subaru and Mercedes; each of whom turned consumer concern about automobile safety into a marketing opportunity to distinguish themselves from the competition by marketing their superior safety features.

The obvious next question is how does a business use consumers’ privacy concerns as a marketing tool? The answer is to acknowledge your customers’ concerns, explain how and why your business cares about the customer more than your competitors, and that you will keep them safe. To accomplish this goal, you must first determine which regulatory scheme(s) govern the operation of your business. Second, you must determine the best method for compliance with the applicable law, and whether it makes business sense to implement privacy and data security policies which go beyond the minimum required by law. Third, you should examine how, if at all, your competitors address and promote their privacy obligations. Fourth, you must develop a strategic plan to promote to your customers the superiority of your privacy and data security policies. Importantly, you must not only inform your customers of what your privacy and data security policies are, but how such policies help and protect your customers. For example, Mercedes realized that people were scared of getting injured in car crashes, so their advertisements often explained how Mercedes technology would help avoid accidents (i.e., anti-lock brakes) and how they would protect you if you did crash (i.e., airbags and crumple zones). The same applies to privacy and data protection concerns. In the end, by carefully planning out and implementing each of the above four-steps, you will avoid regulatory problems while simultaneously gaining a leg up on the competition.