As promised, the Federal Trade Commission has provided additional updates to its Frequently Asked Questions guidance regarding the new Children’s Online Privacy Protection Rule which took effect July 1.
The agency addressed three issues: the use of share buttons, when an ad network has “actual knowledge” that it has collected personal information from child users, and what to do with information collected from child-directed sites without parental consent.
Share buttons – where an app contains a plug-in that allows content to be posted to a social networking page or e-mailed in a message – require verifiable parental consent, even if the app doesn’t otherwise collect personal information.
The question of whether a site has “actual knowledge” that it is collecting personal information from users covered by COPPA is very fact-specific, the agency said. The FAQs offer two situations where the Commission believes actual knowledge exists: “where a child-directed content provider (which is strictly liable for any collection) directly communicates the child-directed nature of its content to you, the ad network; or where a representative of your ad network recognizes the child-directed nature of the content.” To reduce the likelihood of the second scenario, the FAQs suggest that businesses prominently disclose an appropriate method of contact with COPPA information, such as a phone number for a designated individual.
The updated guidance also includes an important hypothetical: What happens if an ad network finds out after July 1 that personal information has been collected from a child-directed site? First, immediately stop the collection. Then it should get verifiable parental consent before collecting any additional personal information, or disclosing or using the collected information that the operator knows came from a child-directed site. And as a best practice, the ad network should delete the personal information known to have come from the child-directed site.
However, if the operator doesn’t know the origin of the information (having converted the data into interest categories such as “sports enthusiast”), it could permissibly use the data without obtaining parental consent.
The FTC also tweaked the format of the FAQs by dividing questions by topic (for example, Photos, Videos, and Audio Recordings or Geolocation Data) to make them easier to find, and then renumbered each of the questions in the new category.
To read the FTC’s FAQs, click here.
Why it matters: Although the updated COPPA Rule took effect July 1, businesses are still expressing concern about compliance with the new requirements and the cost of trying not to violate the Rule. The FTC has attempted to calm Web site and app developers and members of the ad industry by providing continued guidance and new additions to the FAQs, but many remain anxious as they await the agency’s enforcement efforts.