FTC Reminds Mobile App Developers To Comply With Revised Children's Privacy Requirements By July 1

The Federal Trade Commission has sent letters to more than 90 different companies who develop mobile apps that the FTC claims may be directed to children.  The letters emphasize that the FTC has not evaluated the apps or the companies’ practices to determine if they comply with the current or revised COPPA Rule.  Instead, the letters remind these companies that if their apps collect, use, or disclose children's images and voices, mobile device identifiers, and other types of "personal information," they must bring their apps into compliance with the revised COPPA Rule by July 1, 2013.  

The letters were sent to US companies and foreign companies that the FTC claims direct their apps to children in the US.  The letters focus on the collection of persistent identifiers and photographs, videos, and audio containing a child’s image or voice.  The FTC did not identify the companies receiving the letters, but made templates of the different versions available on its website, including a letter to:  (1) US companies with apps that collect persistent identifiers; (2) US companies with apps that collect videos, images, or audio of kids; (3) foreign companies with apps that collect persistent identifiers; and (4) foreign companies with apps that collect videos, images, or audio of kids.

The letters suggest that the FTC could continue to focus attention on kid-directed mobile apps once the revised COPPA Rule takes effect.  In February 2012 and December 2012, the FTC released reports analyzing hundreds of kid-directed mobile apps and concluding that many app developers could be doing more to provide clear and complete notice of their privacy practices.  And earlier this year the FTC entered into a consent decree with mobile app developer Path for alleged COPPA violations.  

FTC Votes To Retain July 1 Compliance Date for Revised COPPA Rule

The Federal Trade Commission (FTC) has voted unanimously to retain the July 1, 2013 effective date for its revisions to the rule implementing the Children’s Online Privacy Protection Act (COPPA).  As we previously wrote, the FTC adopted significant revisions to the COPPA rule in December 2012 and established a July 1, 2013 effective date.  In recent weeks, nineteen consumer groups signed a letter opposing any delay in the effective date, while approximately twenty industry associations signed a letter arguing in favor of extending the effective date.  In late April, the FTC published updated Frequently Asked Questions on its website to provide additional guidance for complying with the revised COPPA rule.

Today, the Commission responded to the industry associations’ letter and informed them that it would retain the July 1, 2013 effective date.  The Commission acknowledged that the revised rule “does impose new obligations on child-directed sites and services,” but explained that, “in selecting an effective date of July 1, 2013, the Commission determined that six months would be adequate time for such operators to assess whether third parties collect personal information through their site or service.”    

Although the Commission did not extend the effective date, it did pledge to “exercise prosecutorial discretion in enforcing the Rule, particularly with respect to small business that have attempted to comply with the Rule in good faith in the early months” following July 1.

California Senate Unanimously Passes Online Privacy Bill That Would Give Minors an "Eraser Button"

Last week, the California Senate unanimously passed a bill that would give California minors the right to “remove content or information” that they submit to websites, online services, online applications, or mobile applications.  The term “content or information” is not defined, and could be interpreted broadly to include any text, photos, videos, audio files, or other information provided by the minor.  Under S.B. 568, if a user under the age of eighteen years old posted content or information on a website, online service, online application, or mobile application and later decided that he would like to have the content or information deleted, the operator of the website, online service, online application, or mobile application would be required to comply with this request. 

This requirement is subject to two important exceptions; websites, online services, online applications, and mobile applications would not be required to erase or eliminate content or information upon request (1) when other state or federal law requires that the site or service maintain the content or information, or (2) when the content or information is submitted by a third party other than the minor, or a third party republishes or resubmits content originally posted by the minor. 

FTC's Current Enforcement Priorities: Infographic

Speaking at a seminar hosted by the International Association of Privacy Professionals, Assistant Director Chris Olsen and Senior Attorney Peder Magee, both of the Federal Trade Commission's Division of Privacy and Identity Protection, provided a useful overview of the FTC's recent enforcement actions and current enforcement priorities.  Based on this discussion, the following infographic identifies the FTC's top four enforcement priorities, and recent and future activity that will inform its path forward:  

FTC Releases Revised COPPA FAQs: Here's What's New

The Federal Trade Commission has released its much anticipated revised COPPA FAQs.  Although these FAQs are not legally binding, they provide informal guidance to industry on staff's interpretations of the COPPA Rule. 

For the most part, the FAQs reiterate past guidance and emphasize key provisions of the new COPPA Rule and its Statement of Basis and Purpose.  However, here are 5 key things that the revised COPPA FAQs clarify:

  1. Operators are not legally required to obtain parental consent for certain information that was collected before the effective date of the new COPPA Rule and that was not considered “personal information” under the original COPPA Rule.  Specifically, parental consent is not required for the following categories of information that were collected before July 1, 2013:  (1) photos, videos, and audio files containing a child's image or voice; (2) screen or user names that function as online contact information (unless the operator combines them with new information after July 1, 2013); and (3) persistent identifiers (unless the operator continues to collect the persistent identifiers or combines them with new information after July 1, 2013).  (FAQ 4)
  2. Operators of child-directed sites and online services that do not target children as their primary audience may not block children from participating in the site or service altogether, although the operator may offer different activities to users based on age. (FAQ 38) This would seem to allow an operator to block the child from all interactive features that could enable the sharing of personal information, as long as the child can continue to use portions of the site that do not require or enable the sharing of personal information. 
  3. Third-party services that are integrated on child-directed sites will be deemed to have "actual knowledge" if, in the future, a formal industry standard or agreed-upon convention is developed under which sites or services signal their child-directed nature to integrated third parties.  However, the mere collection of a URL from a child-directed site or service is unlikely to constitute actual knowledge.  (FAQ 39)  This guidance builds on a blog post published by the FTC's Chief Technologist, Steve Bellovin.
  4. An operator of a child-directed site or service does not need to notify parents or obtain parental consent before collecting pictures from children, as long as it either blurs the child's facial features or prescreens and deletes photos of children before posting them online.  (FAQs 43-45)  (But don't forget to scrub for metadata as well -- photo metadata that contains precise geolocation information may trigger the COPPA Rule.)
  5. A third party who is integrated on a child-directed site may rely on the "support for internal operations" exception to support the third-party's own internal operations.  There actually was text in the final COPPA Rule's Statement of Basis and Purpose supporting this point, but the revised COPPA FAQs make this point crystal clear.  (FAQ 77)

In addition, the COPPA FAQs clarify how the COPPA Rule applies in the classroom:

Student Privacy and the Cloud: Five Principles for Schools

Advances in technology present opportunities to improve student learning, allow teachers and students to work more efficiently, and reduce operational costs for educational institutions.  Many schools are taking advantage of these benefits by implementing online course systems and cloud computing services that allow students and teachers to access their programs, e-mails, and documents online from anywhere and almost any device.

As a New York Times article published earlier this week also highlighted, the embrace of educational cloud services also raises interesting and important questions about the privacy and security of student data.  After all, these services by definition involve the movement of student and teacher communications, documents, or other data that used to be stored on-site and managed by school employees to the cloud.  Cloud computing services are operated by third-party vendors, and these vendors have a range of business models and practices with respect to the collection, use and disclosure of data. 

As they work to safeguard student data without inhibiting the benefits of educational technologies, we find that educational institutions increasingly are focusing on regulatory requirements and contractual protections for student data -- and in particular five principles that we describe after the jump.

FTC Settles Deception, COPPA Charges Against Social Networking App Path

Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent.  The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal information from children under 13 years old without parental notice and consent.  Path did not admit any liability by entering into the consent decree, which is for settlement purposes only.

The FTC alleged that the Path application included an “Add Friends” feature that allowed users to make new connections within the app.  Users were given three options when using the “Add Friends” functionality:  “Find friends from your contacts,” “Find Friends from Facebook,” or “Invite friends to join Path by email or SMS.”  Regardless of which option was chosen, Path automatically collected and stored contact information from the address book on the user’s mobile phone.  The FTC argued that this practice was contrary to representations made in the company’s privacy policy that only certain technical information, such as IP address, browser type, and site activity information, was automatically collected from the user.  Under the settlement, Path agreed to implement a comprehensive privacy program and obtain biennial, independent privacy assessments for the next twenty years. 

The International Privacy Rights of the Child: A Computers, Freedom & Privacy Mini-Conference

The U.S. took the lead in legislating privacy rights for children and parents in the Children’s Online Privacy Protection Act more than a decade ago.  Now the European Union has proposed including privacy protections for children in the Data Protection Regulation under discussion, and Latin American countries have included regulation of children’s privacy in new data protection statutes.  Join the Computers, Freedom & Privacy Conference for an interactive discussion of the state of children’s privacy in the U.S. and abroad.  The panelists for this session are experts in children’s privacy:

  • Phyllis Marcus, Senior Staff Attorney, Federal Trade Commission.  Phyllis is one of the primary architects of the FTC’s implementation of COPPA, which was updated significantly in December 2012.  She has been at the FTC in several capacities since 1998, prior to which she was legal director for The Appleseed Foundation.  Phyllis holds a JD from the University of Michigan (1993) and a BA in International Relations from the University of Pennsylvania (1990).
  • Angela J. Campbell, Co-Director, Institute for Public Representation and Professor of Law, Georgetown University.  Angela joined the Georgetown faculty in 1988 from the Department of Justice.  She has focused on children’s privacy and related issues in both her legal scholarship and her advocacy.  She is the author, for example, of "Ads2Kids.com: Should Government Regulate Advertising to Children on the World Wide Web?," published in the Gonzaga Law Review, and she recently has represented a coalition of public-interest organizations led by the Center for Digital Democracy in filing complaints alleging COPPA Rule violations against several companies.
  • Joseph A. Wender, Legislative Director, Congressman Edward J. Markey (D-Mass).  Joseph takes the lead in handling privacy issues for Congressman Markey, who is a Co-Chair of the Congressional Bi-Partisan Privacy Caucus and co-author of the “Do Not Track Kids Act,” a proposal to strengthen online safeguards for children and teens that has drawn nearly 50 co-sponsors in a tightly divided Congress.

The session will be moderated by Kurt Wimmer, co-chair, Global Privacy and Data Security Practice, Covington & Burling, with assistance from Covington colleagues including Matt DelNero, Lindsey Tonsager and other members of the InsidePrivacy.com team.

The session will be held on January 28, 2013, from 10:00 a.m. to noon at Covington & Burling, 1201 Pennsylvania Avenue, N.W., 11th Floor, Washington, D.C.  There is no charge, but please RSVP to Stephanie Herndon (sherndon@cov.com) by January 18 if you wish to attend.

The New COPPA Rule: What Exactly Did the FTC Change?

Check out the FTC's additions, subtractions, and relocations in this comparison of the old and new COPPA rules. 

FTC Adopts Final COPPA Rule: What Businesses Should Know

The Federal Trade Commission has released its revised final rule implementing the Children’s Online Privacy Protection Act (“COPPA”), which governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that a user is under 13.

The Commission retained the “e-mail plus” consent method and supported a number of new parental consent methods, streamlined the notice requirements, and encouraged the use of automatic filtering tools.  Although the Commission pushed forward with its proposal to define “personal information” to include persistent identifiers, it also broadened the definition of support for internal operations.  Below is a summary of the highlights. 

 

FTC Releases Second Report on Mobile Apps Directed To Children

The Federal Trade Commission released today its second report on mobile apps directed to children.  The report, which follows up on an analysis that staff conducted in February 2012, examined the privacy disclosures of hundreds of kid-directed mobile apps and tested the apps’ practices against these disclosures to determine if the disclosures were accurate and complete.  

Staff found the results of the second report "disappointing," concluding that many apps do not contain privacy disclosures that fully explain how the app collects, uses, and discloses children's data.  Among other things, the report focused on disclosures related to advertising, links to social media, and in-app purchases. 

Announcing the release of the report, Jessica Rich, Associate Director, FTC Division of Financial Practices, expressed concern that a number of the apps disclosed device identifiers to third parties, including ad networks and analytics companies.  She emphasized that the staff made no findings about how these third parties used the device identifiers, but noted that the FTC's proposed revisions to the Children's Online Privacy Protection Act (COPPA) Rule would treat this information as "personal information" for purposes of COPPA, unless the data is used to support internal operations.  (Ms. Rich declined to comment on the timing of the release of a final COPPA Rule; other FTC staff previously have suggested the final Rule might come in the next few weeks or early next year.) 

Ms. Rich also stated that the Commission is investigating whether the apps violate laws such as COPPA or Section 5 of the FTC Act.  At the same time, she emphasized that the issues raised in the second report are widespread and that the report is focused on identifying industry best practices.  She encouraged industry to accelerate self-regulatory efforts to improve mobile app disclosures.  In particular, she applauded recent efforts to develop icons and similar mechanisms to shorten privacy policies for mobile apps. 

FTC Imposes $1 Million Fine Against Musicians' Fan Websites for COPPA Violations

By Lindsey Tonsager and Mike Nonaka

On October 2, 2012, the Federal Trade Commission filed a proposed consent decree resolving claims that Artist Arena LLC violated the Children’s Online Privacy Protection Act (COPPA) by collecting and disclosing email addresses, birth dates and other personal information from more than 100,000 children younger than the age of 13 without obtaining proper parental consent.  Artist Arena will pay a civil penalty in the amount of $1,000,000 and comply with monitoring, reporting, and recordkeeping requirements administered by the FTC.

Artist Arena operated websites that served as fan clubs for young musicians, including Justin Bieber, Rihanna, Selena Gomez, and Demi Lovato.  Users could create profiles, communicate with friends, and sign up for musicians’ newsletters through the websites.  The FTC alleged that the websites gathered a host of personal information from children and granted them immediate access to the websites without first providing notice to parents and obtaining parental consent as required by COPPA.  Artist Arena also violated section 5 of the Federal Trade Commission Act by informing parents that the websites would not collect children’s personal information until after the adults had given their consent, even though the websites had already procured this information according to FTC officials. 

The FTC’s settlement comes at a time when the agency is deliberating over potential updates to its rule implementing COPPA, as reported in this blog (here, here, here, and here).  According to FTC Commissioner Edith Ramirez, the proposed rules would align requirements under COPPA with enforcement actions such as the one against Artist Arena.  Commissioner Ramirez also stated that the agency would remain vigilant in enforcing COPPA against all companies and not just companies in emerging technologies intended to be captured by the proposed rules.  “Although we are in the midst of updating COPPA to address groundbreaking new technology, we also need to ensure that well-established companies like [Artist Arena] employ familiar online tools in complying with COPPA requirements.  Plainly, more needs to be done to ensure that marketing departments are mindful of COPPA requirements.”

COPPA Comments Now Due September 24, 2012

Earlier today, the Federal Trade Commission announced a two-week extension for submitting comments on the FTC’s latest proposed revisions to the rule implementing the Children’s Online Privacy Protection Act (“COPPA”).  In place of the original September 10, 2012, deadline, comments will now be accepted until September 24, 2012.

The FTC granted the extension after sixteen industry associations requested that the deadline be pushed back to October 15, 2012.  Among other reasons, the associations cited the complexity of the online and mobile ecosystems, the FTC’s requests for detailed comments, and the need to consider how the latest proposed changes interact with the FTC’s initial proposals.

FTC Proposes Additional Revisions to COPPA Rule

By Lindsey Tonsager and Shel Abramson

Earlier this morning, the FTC proposed additional revisions to the rule implementing the Children’s Online Privacy Protection Act (“COPPA”).  COPPA governs the online collection, use, and disclosure of children’s personal information by (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that a user is under 13.  The FTC initially proposed revisions to the COPPA Rule in September 2011, and based on comments that it received, is proposing additional changes for comment.  Comments to this supplemental proposed rule must be submitted by September 10, 2012.  No final rules were adopted at this time.

The supplemental proposed rule revises the definitions of several key terms, including “operator,” “website or online service directed to children,” “personal information,” and “support for internal operations.” 

  • Operator:  The revisions would expand the definition of “operator” to include third parties, such as social plug-ins and ad networks, that know or have reason to know that they collect personal information through child-directed websites and online services.  The FTC previously had rejected a constructive knowledge standard.  The notice suggests that website operators and such third parties would be deemed  “co-operators” that would be jointly responsible for complying with COPPA.  
  • Website or Online Service Directed to Children:  The revised definition would allow family friendly websites that are directed to both children and a broader audience to comply with COPPA without treating all users as children, instead providing COPPA protections only to users under the age of 13. 
  • Screen and Usernames:  The revisions would clarify that screen or usernames would be covered only where they function as online contact information.   
  • Personal Information: The new proposed definition would include persistent identifiers that can be used to identify users over time and across different sites and services.  
  • Support for Internal Operations: Activities that are required to manage and operate a site will not be deemed to have collected personal information if they do not use or disclose the information for the purposes of contacting an individual.  

European Data Protection Supervisor Issues Opinion on Children's Privacy

The European Data Protection Supervisor ("EDPS") has issued an opinion on Europe's strategy for protecting children on the Internet.  The European Commission consults with the EDPS on a variety of data protection issues.  However, the opinions of the EDPS are not legally binding. 

Among other things, the EDPS expressed support for: 

  • The implementation of technical tools, such as age-appropriate default privacy settings, to enhance the privacy of children online.     
  • Clear notice about the impact a change to a default setting would have on a child's privacy and the potential harm it may cause. In particular, the EDPS suggested that in some circumstances a child might not be permitted to change the default settings, or might change the defaults only with parental consent, stating that the "extent to which a child may change the default privacy settings should also be linked to the age and level of maturity of the child.  It should be explored to what extent, and within which age group, parental consent would be required to validate a change of privacy settings." 
  • A requirement that service providers inform children about the level of sensitivity of each piece of information they provide when creating an online profile and about the potential risks or harms they may encounter when such information is disclosed to a defined group of people or to the public. 
  • A restriction on industry's ability to create online behavioral advertising segments that target children.
  • A legal mandate for industry to deploy an EU-wide reporting tool for content that is harmful to children.

 

New Jersey AG Settles COPPA Suit Against Mobile App Developer

The New Jersey Attorney General and Division of Consumer Affairs have announced a settlement with 24x7digital, the developer of the "TeachMe" mobile apps for preschool through second-grade children, to resolve claims that the company violated the federal Children's Online Privacy Protection Act ("COPPA").   

The state alleged that children were encouraged to submit their full names, along with a photograph, when they created user profiles, and that the apps disclosed the user's full name and the mobile device's unique device identifier ("UDID") to a third-party data analytics company.  According to the state's complaint, 24x7digital ran afoul of COPPA by failing to provide notice or obtain parental consent before collecting, using, and disclosing the children's personal information online. 

Under the statute, a state attorney general may sue for violations of COPPA on behalf of the residents of the state to (i) enjoin the practice; (ii) enforce compliance with the FTC's COPPA rule; (iii) obtain damage, restitution, or other compensation on behalf of the state's residents; or (iv) obtain such other relief as the court may consider to be appropriate.  However, before filing the action, the attorney general typically must notify the FTC and provide a copy of the complaint. The FTC then has the option of intervening in the case. 

Although this is not the first COPPA action that a state has brought (Texas sued three website operators in 2007), most states have left COPPA enforcement to the FTC. With an increased attention on the privacy practices of mobile apps, however, these kinds of cases may become more common. For its part, the New Jersey AG has stated that it will continue to investigate other mobile applications to determine if they are unlawfully sharing users' personal information. 

Members of Congress Examine Impact of Media and Marketing On Children

Earlier today, members of Congress and regulators gathered for a symposium on “The Impact of Media on the Health & Well-Being of Children.”   Participants included Congressman Edward Markey (D-MA), Congresswoman Debbie Wasserman Schultz (D-FL), Senator Richard Blumenthal (D-CT), Jon Leibowitz, Chairman, Federal Trade Commission, and Mignon Clyburn, Commissioner, Federal Communications Commission, as well as researchers and members of the public interest community.  In response to a question, Chairman Leibowitz informed the audience that the FTC expects to issue a revised Children’s Online Privacy Protection Act (“COPPA”) Rule by “the end of the year and hopefully sooner.” 

During their remarks, Congressmen Markey and Wasserman Schultz each expressed support for the Do Not Track Kids Act of 2011 (H.R. 1895), which we have blogged about here.  The bill would expand privacy protections for minors under the age of 18, including a prohibition on the use of personal information for targeted marketing to minors and a requirement that website operators provide “eraser buttons” to enable the deletion of personal information shared publicly by minors.  Senator Blumenthal also indicated that he was supportive of the legislative proposal, which he described as “common sensical,” although he stated that there likely would be substantial concern among advertisers and other stakeholders about implementation issues.

FTC Refers Children's Privacy Case Back To CARU

The FTC has decided not to pursue an enforcement action against Clearwater Aquarium for alleged violations of the Children's Online Privacy Protection ("COPPA") Rule. 

In February 2012, the Children's Advertising Review Unit ("CARU") referred the Clearwater Aquarium's website to the FTC for review under COPPA after the Aquarium reportedly did not respond to CARU's inquiry.  CARU claimed that the site featured a “Kidzone” where visitors could sign up for an e-newsletter by entering their first and last names, mailing and email addresses, and cellphone numbers.  CARU was concerned that the Aquarium collected personally identifiable information from children under the age of thirteen without first obtaining parental consent and that the Aquarium's privacy policy -- which stated that it did not collect information from children under 18 without parental consent -- did not accurately reflect its actual privacy practices.

After reviewing the website, the FTC concluded "that the information collection practices that had triggered CARU's inquiry had been remedied."  The FTC declined to take any further action, instead referring the matter back to CARU. 

CARU, a division of the Council of Better Business Bureaus, is a self-regulatory body that monitors websites for compliance with COPPA.  Although CARU's self-regulatory program is completely voluntary, CARU may refer cases to the FTC if companies refuse to respond to inquiry letters.  The FTC reviews CARU's case referrals to determine whether enforcement action is appropriate.  Although the FTC has initiated enforcement actions in response to CARU referrals in the past, the Clearwater Aquarium case is a reminder that the FTC may decide no further action is necessary.  

Do Not Track Kids Bill Gains Cosponsors

Over the last few weeks, a number of cosponsors have been added to the Do Not Track Kids Act of 2011 (H.R. 1895), bringing the total number of cosponsors to 29.  The bill was introduced by Rep. Markey and Rep. Barton on May 13, 2011.  Earlier this month, the two members also hosted a Congressional briefing to discuss how to protect children and teens online.

As we blogged about here, the bill would expand the Children’s Online Privacy Protection Act ("COPPA").  In addition, the bill would introduce new privacy protections for minors under the age of 18, including a prohibition on the use of personal information for targeted marketing to minors and a requirement that operators of websites and online services provide "eraser buttons" that enable the deletion of personal information shared publicly by minors.

We will continue to monitor this legislation as these two senior, bipartisan members of the Committee press for a mark-up of their bill.  

FTC Approves New COPPA Safe-Harbor Program

The Federal Trade Commission on Feb. 24 announced it had approved a new safe-harbor program for online services that are subject to the Children’s Online Privacy Protection Act (COPPA), a federal law that regulates the online collection of personal information from children under 13. Under COPPA and the FTC’s implementing rule, online services that comply with FTC-approved, industry-developed safe-harbor programs generally are considered by the FTC to be compliant with COPPA. Approval requires an FTC determination that the proposed safe-harbor program will provide at least as much protection as the FTC rule and will be able to encourage and monitor compliance effectively.

The newly approved safe-harbor program, run by Aristotle International, Inc., is the fifth such program approved by the FTC.  The program sets out requirements for the format and content of participants’ privacy policies, parental notices, and procedures for obtaining verifiable parental consent. Among other provisions, COPPA requires websites and other online services that are directed at children or that have actual knowledge that a user is a child to notify a parent and obtain the parent’s verifiable consent before collecting, using, or disclosing personal information from a child.
