Last year, amendments to the Federal Trade Commission’s regulation implementing the Children’s Online Privacy Protection Act (“COPPA”) took effect that broaden its reach and toughen its requirements. A company may think that its site does not collect personal information from children under the age of 13, but there are ways to trip up. One of the more obvious ones is collecting years of birth, which can result in a site being charged with having knowledge of any users under age 13. But many other practices can bring a website within the scope of COPPA.
For example, keep in mind that in last July’s amendments, the FTC broadened the definition of “personal information” that is subject to the prior verifiable parental consent requirement, and expanded the rule to apply both to third-party plug-ins such as the Facebook “Like” button and to third-party advertising networks. The revised regulation also specifically applies to mobile apps. In addition, the revised regulation also has changed how a site aimed “predominantly” at teenagers can confine its COPPA-related obligations to those children that are under 13.
Understanding the current COPPA requirements is vital, because many commonplace website and mobile app practices can inadvertently run afoul of the rule. The same rules govern mobile apps used by children, but compliance is more complex due to the smaller screens on smart devices.