Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

FTC Approves New COPPA Safe-Harbor Program

Posted in Children's Privacy, Federal Trade Commission, United States

The Federal Trade Commission on Feb. 24 announced it had approved a new safe-harbor program for online services that are subject to the Children’s Online Privacy Protection Act (COPPA), a federal law that regulates the online collection of personal information from children under 13. Under COPPA and the FTC’s implementing rule, online services that comply with FTC-approved, industry-developed safe-harbor programs generally are considered by the FTC to be compliant with COPPA. Approval requires an FTC determination that the proposed safe-harbor program will provide at least as much protection as the FTC rule and will be able to encourage and monitor compliance effectively.

The newly approved safe-harbor program, run by Aristotle International, Inc., is the fifth such program approved by the FTC.  The program sets out requirements for the format and content of participants’ privacy policies, parental notices, and procedures for obtaining verifiable parental consent. Among other provisions, COPPA requires websites and other online services that are directed at children or that have actual knowledge that a user is a child to notify a parent and obtain the parent’s verifiable consent before collecting, using, or disclosing personal information from a child.

Aristotle’s program also requires participants to complete annual self-evaluations, submit to both quarterly and unannounced outside compliance reviews, and participate in the program’s dispute-resolution process.

Aristotle’s application highlights that program participants will have the option of using Aristotle’s proprietary system for obtaining parental consent.  The system provides several methods for confirming that the person giving consent actually is the child’s parent.  For instance, a parent can provide consent by e-mailing an electronically signed consent form along with a scanned copy of a government identification document, which Aristotle will check against its own databases.  The system also allows for verification using real-time videoconferencing over programs such as Skype.  

The FTC’s proposed revision of the COPPA rule would add videoconferencing and the use of government IDs as recognized consent methods, along with scanned copies of physically signed consent forms.  The FTC also sought comment on whether an electronically signed form could be made sufficiently reliable to serve as an effective consent on its own.  A decision on the FTC’s proposed revision of the rule is expected later this year.