Since new requirements under the updated Children’s Online Privacy and Protection Act (COPPA) entered into force in July, 2013, the Federal Trade Commission (FTC) has moved into an active enforcement phase, while also fielding requests to recognize new parental consent methods and safe harbor programs. Those interested in children’s online activities can draw some important lessons from these activities.
- Enforcement Actions. In September of this year, the FTC settled with Yelp, Inc. and TinyCo. Inc., obtaining $450,000 and $300,000, respectively, for allegedly violating COPPA by collecting data on users under thirteen without parental consent. Last month, TRUSTe, Inc., a company that provides a number of privacy “seal” programs, including a COPPA safe harbor program, incurred a $200,000 fine for failing to review its customers’ privacy policies before recertifying their seals, contrary to representations by TRUSTe that it reviewed them.
LESSONS LEARNED: COPPA isn’t just for kids’ sites. And, by the way, if you’re a seal program, make sure you don’t overstate the parameters of your program.
- Parental Consent Methods. Imperium Inc.’s application for a new parental consent method using knowledge-based questions was approved in December, 2013. Others weren’t so fortunate. The FTC rejected iVerify’s proposal to use Social Security Numbers and knowledge-based authentication questions in February, 2014 because the proposal was simply a variation on already-approved consent methods. In July, 2014, the FTC received a proposal from AgeCheq, Inc. detailing two methods for obtaining parental consent under COPPA: (1) a method involving a financial transaction; and (2) a requirement that parents print, sign, and return a form providing consent to AgeCheq. The FTC rejected the proposal, saying the company did not present a new means of obtaining parental consent under COPPA. AgeCheq in the interim submitted a second proposal on October 1, 2014, which is pending consideration.
LESSONS LEARNED: If you’re proposing a new parental consent method, make sure it is new.
- Safe Harbor Programs. An additional safe harbor program, kidSAFE, received approval in February 2014. iKeepSafe, also known as the Internet Keep Safe Association, was also approved as a safe harbor program in August, 2014. This brings the total number of approved COPPA safe harbor programs to seven.
LESSONS LEARNED: More safe harbor programs offer more choices for companies that elect to take advantage of them, but due diligence is necessary. Regardless of whether companies choose to join a safe harbor program, close internal attention to COPPA compliance is business-critical for kids’ companies.