The Federal Trade Commission adopted final amendments to the Children’s Online Privacy Protection (COPPA) Rule today. The amendments are the result of a review initiated by the FTC in 2010 to adapt to changes in technology and in the way children use and access the Internet.
Highlights of the amendments include:
- Modification of the list of “personal information” that cannot be collected without parental notice and consent. Geolocation information, photographs, and videos are now on the list.
- A streamlined, voluntary, and transparent process for getting approval of new ways of obtaining parental consent.
- Closing of a loophole that allowed third parties, on behalf of kid-directed apps and websites, to use plug-ins to collect personal information from a child without parental notice and consent.
- Strengthening of data security protections by requiring covered website operators and online service providers to take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential.
- Application of the COPPA Rule to persistent identifiers that can recognize users over timer and across different websites or online services, such as IP addresses and mobile device IDs.
- Revision of the parental notice provisions to help ensure that operators’ privacy policies, and the notices they must provide to parents before collecting children’s personal information, are concise and timely.
- Approval of new methods that operators can use to obtain verifiable consent. The new methods are: electronic scans of signed parental consent forms; video-conferencing; use of government-issued identification; and alternative payment systems.
The amended Rule goes into effect on July 1, 2013. The full text of the Federal Register Notice adopting the amendments can be found here.
A $22.5 million settlement of FTC’s charges that Google secretly used cookies to track the activity of Safari users gained court approval last week. The charges were based on an earlier settlement of charges that Google used the private information of Gmail users for its Buzz social network. The FTC and Google settled those charges in October 2011 with a consent order prohibiting Google from future misrepresentations regarding (1) its collection and use of private information and its customers’ control over that information; and (2) its membership and compliance with privacy or security programs.
The FTC alleged that Google violated the Buzz consent order by assuring Safari users that the browser’s default settings would block Google tracking cookies, but overriding Safari’s blocking software and secretly collecting cookies from Safari users. The FTC also alleged that Google’s use of Safari cookies without informing its users violated the code of conduct of the Network Advertising Initiative, of which Google represents it is a member.
The court approved the proposed consent order settling those charges in a decision issued last Friday (read the decision here). The proposed consent order would require Google to pay a civil penalty of $22.5 million—the most a company has ever paid for violating an FTC order. Google must also maintain systems that delete Google cookies from Safari browser users and report to the FTC on compliance with the consent order. The consent order does not require Google to admit that it violated the Buzz consent order, however.
Amicus curiae Consumer Watchdog objected to the proposed consent decree on the grounds that it did not impose a permanent injunction on Google, that the $22.5 million penalty was too small, and that Google should be required to admit liability. Judge Susan Illston of the U.S. District Court for the Northern District of California rejected Consumer Watchdog’s arguments, finding the settlement “fair, adequate and reasonable.”
On September 5, the Federal Trade Commission published its first guide specifically with mobile app developers in mind. Entitled “Marketing Your Mobile App: Get It Right From the Start,” the guide is not legally binding, but it does set out guidelines to help mobile app developers comply with truth-in-advertising and privacy laws. In particular, the guide lays out seven principles for complying with federal data privacy requirements under statutes like the Graham-Leach-Bileley Act, the Fair Credit Reporting Act, the Child Online Privacy Protection Act, and the Federal Trade Commission Act. Click here for the press release and a link to the guide.