On November 15, 2012, FTC Commissioner Julie Brill spoke at the Family Online Safety Institute (FOSI). See full speech at http://ftc.gov/speeches/brill/121114fosi.pdf. Commissioner Brill outlined the history of FTC enforcement actions related to the Children's Online Privacy Protection Act (COPPA), signaling that enforcement of the COPPA Rule is a mandate the FTC takes very seriously. Commissioner Brill also discussed proposed changes to the COPPA Rule saying that the Commission "is in the midst of considering how to update the COPPA Rule to continue to provide parents with the meaningful control that they want in this new technological environment." Recognizing that much has changed since the COPPA Rule was originally issued in 2000, Commissioner Brill said that the COPPA Rule is in need of an upgrade.
In addressing FOSI, Commissioner Brill outlined enforcement actions for violations of the COPPA Rule, noting that in the 12 years since the Rule’s enactment, the Commission has brought 20 COPPA enforcement actions. Together, these twenty cases have garnered more than $7.6 million. FTC enforcement actions have covered the full range of online services offered to children. In 2006, Xanga.com, a social networking site, paid a $1 million penalty for not obtaining parents' permission before collecting personal information from children. In May of 2011, the Commission settled charges against Playdom, a leading developer of online virtual worlds. This case resulted in a $3 million dollar civil penalty against the company for collecting and disclosing personal information about children, including full names, email addresses, and location information, without parental consent. The Commission has also taken COPPA into the mobile space. In August of last year, the Commission brought its first COPPA case involving mobile apps. The FTC believed that W3 Innovations violated COPPA by failing to obtain parental consent before collecting and maintaining thousands of girls’ email addresses, and also allowing girls to publicly post personal information on in-app message boards for their “dress up” and “girl world” apps. The most recent FTC COPPA enforcement action was against the operator of fan websites for music stars, like Rihanna and Justin Bieber, Artist Arena, who was required to pay a $1 million penalty.
In discussing the FTC's proposed changes to the COPPA Rule - purportedly to be done by year's end (but we will be watching closely for that), Commissioner Brill noted that the changes the FTC have proposed would: 1) make clear that COPPA applies to new media, including the mobile app space; 2) ensure that information that should be characterized as “personal information” is in fact covered by the COPPA Rule; 3) streamline how parents are notified about an operator’s privacy practices; and 4) allow operators to innovate and create new ways to obtain verifiable parental consent from parents. Also, indicating that the FTC wants to make sure that the right entities are required to comply with COPPA, the FTC has "proposed to capture a greater portion of the universe of entities who collect and use information about kids."
In closing, Commissioner Brill recognized the issues were difficult and urged "a continued careful deployment of today’s robust technology for the benefit of kids that provides parents with the control that they want – the control they need — and the control that Congress required the FTC to ensure that they have."
We will be closely following the changes to the COPPA Rule. The proposed changes are significant and could cause many companies - even those not previously under the COPPA rule - to make significant changes to their websites and mobile applications. Click here to read a recent blog about COPPA.