Blog
FTC Seeks Public Comments on Latest Proposed Revisions to COPPA Rule
Blog
August 10, 2012
The FTC has published a Federal Register Notice seeking public comments by September 10, 2012 on additional proposed modifications to the Children’s Online Privacy Protection Rule (“COPPA Rule”). The original COPPA Rule—which went into effect on April 21, 2000—has been reviewed by the FTC several times over the past decade. As we previously reported, the FTC issued proposed revisions in September 2011 that would impact notice, parental consent, confidentiality, security, and several definitions under the Rule. Those revisions generated significant discussion and input (including 350 formal comments). In response, the FTC is now proposing to modify certain definitions contained in the COPPA Rule to stay current with recent technology advances. For example, the FTC had originally proposed that screen or user names be treated as personally identifiable. Under the new proposed Rule, screen and user names will only be considered personally identifiable if they constitute online contact information (like a screen name that is also used as an email address). The proposed rule also clarifies that a “website or online service directed to children” could include an ad network, and that sites that target children must treat all visitors as children—even if some are adults. There was also concern after issuance of the September 2011 proposed Rule that persistent identifiers would be viewed as personally identifiable information. The FTC has now clarified in this proposal that persistent identifiers will be viewed as personally identifiable if they can be used to recognize a user over time or across different sites, and is used for purposes other than the support of internal operations. The FTC has also given more information about what constitutes “support for internal operations,” namely that it includes site maintenance and analysis, performing network communications, authenticating users, maintaining user preferences, and protecting against fraud and theft. Importantly, also included in the definition is serving contextual advertisements, provided that the information collected is not used to contact a specific individual or for any other purpose.
TIP: We will continue to monitor the proposed changes to this Rule. Now that new comments are being sought, this suggests that a final rule will not be released in the fall as originally suspected. If you are interested in submitting comments, please contact one of the authors or your regular Winston & Strawn contact.
This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.