For companies that devote entire departments to the sole task of maintaining the company website and social media platforms, the last item on their Internet teams’ favorite-thing-to-do list is likely “deal with legal issues.” Due to rapidly changing technology and laws that scurry to keep up, the frustrations are understandable, and most often come to a head on the topic of privacy.
Last month, the FTC attempted to keep pace with technology shifts and released its most recent amendments to the Children’s Online Privacy Protection Rule (also known as the “COPPA Rule,” as it is based on the requirements of the Children’s Online Privacy Protection Act [“COPPA”]), which will become effective July 1, 2013. Initiated in April of 2000 (light-years ago in terms of technology progression), the COPPA Rule requires operators of Web sites to take varying privacy precautions based on the maturity of the sites’ audience. Revisions to the rule arrived in the form of modifications to certain definitions, and implementation of newer or stronger methods for safer surfing.
First, the COPPA Rule update redefines certain terms including “operator,” “Web site or online service directed to children,” and “personal information.” The term “operator” is now defined as a conductor of a child-directed site or service that allows outside services to collect personal information from visitors. In a related vein, “website or online service directed to children” means those services having actual knowledge that they are collecting personal information through a site geared towards children. “Directed at children” sites are now also required to provide notice and obtain parental consent for users under the age of thirteen. Possibly the most dynamic of defined terms, however, is “personal information.” Due to the vast increase in big brother technology, “personal information” has been revamped to include geolocation data, and other more sophisticated identifiers, on top of the more commonly known photos, videos, and audio files that contain a child’s image or voice.
Next, the new COPPA Rule clarifies the method that operators must utilize to notify parents of data collection. When operators collect personal information from children, they must not only alert parents beforehand that they are collecting the data, but must also place all pertinent information about the collection in the very beginning of the notice. On the bright side for operators, the new Rule also comprises of new ways to obtain consent from parents. Some examples of updated modes of permission include video conferencing with operators, and scanned parental consent forms.
Furthermore, the COPPA Rule now requires stronger practices to maintain the security of children’s information after collection. If an operator releases the data collected from children to a third party and/or service provider, the operator must take reasonable measures to verify the third party’s aptitude for protecting the information. Cutting error time is also key; therefore, operators may only retain the collected information for as long as reasonably necessary.
Amazingly, no matter how quickly a new version of the COPPA Rule enters the scene, it is already behind the times. Paralleling this notion is the inevitability of children surpassing their parents in their level of technological ability. Thus, it may be difficult to keep up with the best practice in online data collection, but it would be prudent for those involved to try.
For more information, visit: http://www.ftc.gov/privacy/coppafaqs.shtm