Websites and app developers are on notice that the Federal Trade Commission’s revised rule implementing the Children’s Online Privacy Protection Act will take effect on July 1, 2013 as scheduled. A recent Privacy In Focus article explained how websites and app developers have little time left in which to implement the potentially extensive and expensive changes in software and operational systems, and perhaps renegotiate contracts, to come into compliance.
To assist, the FTC has released a set of updated “Frequently Asked Questions” regarding COPPA that make quite clear the many changes that the agency expects websites, online services (e.g., mobile gaming and VoIP services), and mobile apps to make in order to comply.
The new regulation will affect the collection not only of names, addresses, telephone numbers, and online contact information as in the past, but also “persistent identifiers” (such as IP addresses and mobile device IDs), photographs, videos, or audio files containing a child’s image or voice, as well as geolocation information sufficient to identify a street name and town, among others.
The extension of the rule to “persistent identifiers” enables the rule to reach advertising networks that engage in interest-based advertising.
And popular features such as integrated third-party plug-ins or advertising networks are covered, as are those third-party services themsleves when they have “actual knowledge” that they are collecting personal information through a child-directed website. This creates significant new obligations on websites and mobile apps. In fact, the FTC plainly intends to apply COPPA to advertising networks that engage in behavioral advertising. Any website that uses behavioral advertising should review its practices and contracts immediately.
Many app developers and app publishers may still be unaware that the revised regulation will apply to their offerings. Civil penalties can run as high as $16,000 per violation. There is little time before July 1.